Slow computer + Spybot crashing cpu in safemode; Windows 7



DeepFriedMotherboard
2012-01-18, 17:39
Hey!

In advance thank you so much for taking your time to help me, I really appreciate it as this will be ending a great amount of frustration (hopefully).

My computer has gradually been getting more sluggish and, as of recently, it's been extremely notable. In November I started noticing some delay starting up, and starting executable files. On 11/11/11 I ran ComboFix after doing a command line AVG scan along with a Spybot S&D full scrub-down and it seemed to do the trick, both showing only minor issues such as cookies or searchbars.

In late December I noticed more problems, more frequently. Games started having bad fps drops, videos chopped up, etc. I assumed it was the hard drive that needed a defrag, perhaps temp, or even a problem on the software end. Temperature wasn't the issue, nor did it seem spyware was either.

After a few weeks of these symptoms getting worse I decided to have a clean-up day; I defragmented the hard drive, I cleaned the disk, ran malwarebytes, ccleaner, removed unused programs and toolbars. I decided to save Spybot S&D for safe mode - and this is what is worrying me.

After all of that these problems have become more frequent and more aggravating, and when I run spybot S&D in safe mode it crashes my cpu. I run it in normal and it goes through squeaky clean. I've tried it in safe mode with and without networking. Twice I left the room and wasn't watching, I came back to a shut down computer.

Today I watched it scan, and boom it shut straight off in the middle of scanning. The last thing I remember seeing was virtumonde.avi; after searching that I got linked to the spybot archives. I've spent about 3 hours researching to come up with nothing to fit my scenario, so here I am. Here's my DDS log with high hopes that I don't have something serious.

---------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Goodie at 10:14:17 on 2012-01-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1478 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d525l0354z1l5t48i2x201
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: &Winamp Search
IE: Google Sidewiki...
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF6DECB5-51A1-426B-8B87-D7FFCBAC5329} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF6DECB5-51A1-426B-8B87-D7FFCBAC5329}\3767561637F66647 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Goodie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Goodie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.brc, BRI/1
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-1 652872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-3-31 9728]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-3-31 3072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 L6UX2;Service - Line 6 UX2;C:\Windows\system32\Drivers\L6UX264.sys --> C:\Windows\system32\Drivers\L6UX264.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S4 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-30 1153368]
S4 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
S4 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
.
=============== Created Last 30 ================
.
2012-01-18 13:14:33 -------- d-----w- C:\Windows\rescache
2012-01-18 10:30:36 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-01-18 10:30:34 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-01-18 10:30:34 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-01-18 10:28:47 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2012-01-18 10:27:58 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-01-18 10:27:56 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-01-18 10:19:45 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-18 10:19:45 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-16 16:41:01 -------- d-----w- C:\Users\Goodie\AppData\Local\{AB0689C1-1A17-4BEC-80C7-C83F569E3F03}
2012-01-16 16:40:49 -------- d-----w- C:\Users\Goodie\AppData\Local\{A3479BFA-D16E-4417-B6FB-AC4A66D359CE}
2012-01-15 09:08:01 -------- d-----w- C:\Users\Goodie\AppData\Local\{B3735E2E-6418-40AA-A048-80991BDB05BF}
2012-01-15 09:07:49 -------- d-----w- C:\Users\Goodie\AppData\Local\{4113490E-D3FC-426F-A564-620DFC0DD739}
2012-01-15 04:25:46 -------- d-----w- C:\Users\Goodie\AppData\Local\{C4189CD9-9667-454E-B550-C108512A844D}
2012-01-15 04:25:32 -------- d-----w- C:\Users\Goodie\AppData\Local\{3EB10A6B-F8B8-4D01-AAA6-0491436EB629}
2012-01-14 20:08:56 -------- d-----w- C:\ProgramData\MFAData
2012-01-14 07:40:22 -------- d-----w- C:\Users\Goodie\AppData\Local\{9CEE5219-C622-4C3D-BA6B-91BB1484E4C6}
2012-01-14 07:40:10 -------- d-----w- C:\Users\Goodie\AppData\Local\{BD292D25-F6EF-4601-A2D3-899333837D6D}
2012-01-13 22:36:19 -------- d-----w- C:\Users\Goodie\AppData\Local\{3404FBE1-8B84-494C-B10F-C415ADED6FE0}
2012-01-13 22:36:07 -------- d-----w- C:\Users\Goodie\AppData\Local\{FE167B57-F4A1-4303-B85B-60BA76DC7D29}
2012-01-10 05:17:21 -------- d-----w- C:\Users\Goodie\AppData\Local\{77E60465-378E-40B5-A860-110C43140871}
2012-01-10 05:17:09 -------- d-----w- C:\Users\Goodie\AppData\Local\{4A4CC26D-1332-483E-AA0F-1BE9269EF4B1}
2012-01-09 07:09:13 -------- d-----w- C:\Users\Goodie\AppData\Local\{A74102DB-F6B8-45DF-9976-616390428301}
2012-01-09 07:09:01 -------- d-----w- C:\Users\Goodie\AppData\Local\{499A606D-44B3-4A1C-8C81-565152910DCD}
2012-01-09 06:54:13 -------- d-----w- C:\Users\Goodie\AppData\Local\{51D9AFCF-9F45-4659-88DA-8ACB3D47FB78}
2012-01-09 06:54:01 -------- d-----w- C:\Users\Goodie\AppData\Local\{820E7C1A-0984-4196-BF49-FFF877A66A13}
2012-01-08 12:32:55 -------- d-----w- C:\Users\Goodie\AppData\Local\{741F9BF5-1B4E-479E-9183-D9C048ECB294}
2012-01-08 12:32:43 -------- d-----w- C:\Users\Goodie\AppData\Local\{5334BF11-3834-4BCA-9F45-277A57F749AF}
2012-01-05 22:31:35 -------- d-----w- C:\Users\Goodie\AppData\Local\{7D76D3B8-1C7D-46A2-B1E0-5652CD611136}
2012-01-05 22:31:23 -------- d-----w- C:\Users\Goodie\AppData\Local\{E7831E2B-8D8A-48B6-B3CF-17B36465891F}
2012-01-03 20:37:01 40960 ----a-w- C:\Windows\SysWow64\eax.dll
2012-01-03 20:37:01 -------- d-----w- C:\Program Files (x86)\Creative Labs
2012-01-03 20:34:59 -------- d-----w- C:\Program Files (x86)\Square Soft, Inc
2012-01-03 20:31:53 306688 ----a-w- C:\Windows\IsUninst.exe
2011-12-28 00:24:59 67032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
2011-12-28 00:24:59 25560 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-12-28 00:24:59 140760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-12-28 00:24:58 849368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
2011-12-28 00:24:58 505816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll
2011-12-23 02:46:27 -------- d-----w- C:\Users\Goodie\AppData\Local\{B484567B-2CB7-40F7-AF55-7817974C495A}
2011-12-21 13:07:09 -------- d-----w- C:\Users\Goodie\AppData\Local\{D9724FD2-1A60-497A-9442-0A92C152C6C0}
2011-12-20 08:56:52 -------- d-----w- C:\Users\Goodie\AppData\Local\{8EF72704-F585-4DBA-90BD-05BCC243D1A9}
2011-12-20 08:56:39 -------- d-----w- C:\Users\Goodie\AppData\Local\{2C8AB36B-D838-4A8E-B0B6-4C6AE60D7EB4}
.
==================== Find3M ====================
.
2012-01-18 14:16:58 6656 ----a-w- C:\Windows\System32\lpcio.dll
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-11 15:13:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-09 06:35:25 2892 ----a-w- C:\Windows\SysWow64\audcon.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-01 10:14:44 214816 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-01 10:14:44 214816 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-26 20:58:12 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-10-26 05:22:37 366592 ----a-w- C:\Windows\System32\qdvd.dll
2011-10-26 05:22:37 1572864 ----a-w- C:\Windows\System32\quartz.dll
2011-10-26 04:28:26 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2011-10-26 04:28:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 10:15:37.49 ===============

ken545
2012-01-30, 23:49
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR



Don't really see a whole lot going on, let's check a few things


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

DeepFriedMotherboard
2012-01-31, 09:35
I was asked to install avast before I ran the scan, but I chose not to install for the time being. Here's the log:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-31 02:26:15
-----------------------------
02:26:15.188 OS Version: Windows x64 6.1.7600
02:26:15.190 Number of processors: 1 586 0x7C02
02:26:15.191 ComputerName: GOODIE-PC UserName: Goodie
02:26:16.536 Initialize success
02:32:35.816 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:32:35.821 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
02:32:35.846 Disk 0 MBR read successfully
02:32:35.851 Disk 0 MBR scan
02:32:35.856 Disk 0 Windows 7 default MBR code
02:32:35.867 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
02:32:35.891 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
02:32:35.914 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
02:32:35.923 Service scanning
02:32:38.505 Modules scanning
02:32:38.519 Disk 0 trace - called modules:
02:32:38.579 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:32:38.590 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003022790]
02:32:38.599 3 CLASSPNP.SYS[fffff8800108743f] -> nt!IofCallDriver -> [0xfffffa8003050e40]
02:32:38.627 5 ACPI.sys[fffff88000fa1781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002fe1060]
02:32:38.643 Scan finished successfully
02:34:11.680 Disk 0 MBR has been saved successfully to "C:\Users\Goodie\Desktop\ProcEx\MBR.dat"
02:34:11.683 The log file has been saved successfully to "C:\Users\Goodie\Desktop\ProcEx\aswMBR.txt"

ken545
2012-01-31, 11:11
Good Morning,

Just copy and paste the logs we ask for into this thread in lieu of attaching them, it's easier for us to analyse, unless we ask for one to be attached.

Not sure but possibly your Master Boot Record is infected.

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

DeepFriedMotherboard
2012-02-01, 01:31
Evening! Alright, I'll copy and paste instead. Here's my MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5532
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 199):
0x02C55000 \SystemRoot\system32\ntoskrnl.exe
0x02C0C000 \SystemRoot\system32\hal.dll
0x00BB0000 \SystemRoot\system32\kdcom.dll
0x00CA1000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CAE000 \SystemRoot\system32\PSHED.dll
0x00CC2000 \SystemRoot\system32\CLFS.SYS
0x00D20000 \SystemRoot\system32\CI.dll
0x00EE3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F87000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F96000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FED000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FF6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E7F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DE0000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C00000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C09000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C33000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00C3E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00C4E000 \SystemRoot\system32\drivers\amdxata.sys
0x010BF000 \SystemRoot\system32\drivers\fltmgr.sys
0x0110B000 \SystemRoot\system32\drivers\fileinfo.sys
0x01218000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0111F000 \SystemRoot\System32\Drivers\msrpc.sys
0x013BA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0117D000 \SystemRoot\System32\Drivers\cng.sys
0x013D4000 \SystemRoot\System32\drivers\pcw.sys
0x013E5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01441000 \SystemRoot\system32\drivers\ndis.sys
0x01533000 \SystemRoot\system32\drivers\NETIO.SYS
0x01593000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015BE000 \SystemRoot\System32\Drivers\spldr.sys
0x015C6000 \SystemRoot\System32\drivers\rdyboost.sys
0x01400000 \SystemRoot\System32\Drivers\mup.sys
0x01412000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0104C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0141B000 \SystemRoot\system32\DRIVERS\disk.sys
0x01086000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01431000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x00C6C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x010B6000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x011F0000 \SystemRoot\System32\Drivers\Null.SYS
0x01439000 \SystemRoot\System32\Drivers\Beep.SYS
0x032CF000 \SystemRoot\System32\drivers\vga.sys
0x032DD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03302000 \SystemRoot\System32\drivers\watchdog.sys
0x03312000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0331B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03324000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0332D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03338000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02800000 \SystemRoot\System32\drivers\tcpip.sys
0x03365000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x033AF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x033CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03200000 \SystemRoot\System32\Drivers\avgtdia.sys
0x03251000 \SystemRoot\System32\DRIVERS\netbt.sys
0x038E8000 \SystemRoot\system32\drivers\afd.sys
0x03971000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0397A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x039A0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x039B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x039C5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x039E0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03800000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03851000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0385D000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x03870000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x03878000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03883000 \SystemRoot\System32\drivers\discache.sys
0x03892000 \SystemRoot\System32\Drivers\dfsc.sys
0x038B0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x038C1000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03ACD000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03B14000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03B3A000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x04445000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04A5C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04B50000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03E56000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x04131000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0413E000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x04153000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x0415B000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x04163000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0416E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x041C4000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x041D0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E24000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03E42000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x041E1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04B96000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x041F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04BDF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x041F2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x041FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04BEE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04400000 \SystemRoot\system32\DRIVERS\dne64x.sys
0x0442C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03B51000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03B75000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03B81000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BB0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03BCB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03E4E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03A1A000 \SystemRoot\system32\DRIVERS\ks.sys
0x03A5D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03A6F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x038C9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04C02000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04EE2000 \SystemRoot\system32\drivers\portcls.sys
0x04F1F000 \SystemRoot\system32\drivers\drmk.sys
0x04F41000 \SystemRoot\system32\drivers\ksthunk.sys
0x04F47000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04F55000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04F61000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x04F6C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x04F7F000 \SystemRoot\System32\drivers\Dxapi.sys
0x04FDD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00750000 \SystemRoot\System32\cdd.dll
0x04E00000 \SystemRoot\system32\drivers\luafv.sys
0x04E23000 \SystemRoot\system32\drivers\WudfPf.sys
0x04E44000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04E59000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04EAC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04EBF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04ED7000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x02E3D000 \SystemRoot\system32\drivers\HTTP.sys
0x02F05000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02F23000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02F3B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02F68000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02FB6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02FD9000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys
0x0426E000 \SystemRoot\system32\drivers\peauth.sys
0x04314000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0431F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0434C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0435E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x054C2000 \SystemRoot\System32\DRIVERS\srv.sys
0x05557000 \??\C:\Windows\system32\drivers\mbam.sys
0x05400000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0541D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0542B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05444000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05561000 \SystemRoot\System32\Drivers\fastfat.SYS
0x04200000 \SystemRoot\system32\DRIVERS\udfs.sys
0x055E7000 \??\C:\Users\Goodie\AppData\Local\Temp\aswMBR.sys
0x05451000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77500000 \Windows\System32\ntdll.dll
0x47D60000 \Windows\System32\smss.exe
0xFF820000 \Windows\System32\apisetschema.dll
0xFF290000 \Windows\System32\autochk.exe
0xFF630000 \Windows\System32\setupapi.dll
0xFF590000 \Windows\System32\msvcrt.dll
0xFF570000 \Windows\System32\sechost.dll
0xFF500000 \Windows\System32\gdi32.dll
0x776D0000 \Windows\System32\normaliz.dll
0xFF380000 \Windows\System32\urlmon.dll
0xFF2E0000 \Windows\System32\comdlg32.dll
0x773E0000 \Windows\System32\kernel32.dll
0xFF2D0000 \Windows\System32\nsi.dll
0xFF2B0000 \Windows\System32\imagehlp.dll
0xFF050000 \Windows\System32\iertutil.dll
0xFF040000 \Windows\System32\lpk.dll
0xFEFC0000 \Windows\System32\shlwapi.dll
0x772E0000 \Windows\System32\user32.dll
0xFEF70000 \Windows\System32\Wldap32.dll
0xFED60000 \Windows\System32\ole32.dll
0xFEC50000 \Windows\System32\msctf.dll
0xFEB70000 \Windows\System32\advapi32.dll
0xFEB40000 \Windows\System32\imm32.dll
0xFEA10000 \Windows\System32\wininet.dll
0xFE930000 \Windows\System32\oleaut32.dll
0xFE860000 \Windows\System32\usp10.dll
0x776C0000 \Windows\System32\psapi.dll
0xFE810000 \Windows\System32\ws2_32.dll
0xFE6E0000 \Windows\System32\rpcrt4.dll
0xFE660000 \Windows\System32\difxapi.dll
0xFD8D0000 \Windows\System32\shell32.dll
0xFD830000 \Windows\System32\clbcatq.dll
0xFD7C0000 \Windows\System32\KernelBase.dll
0xFD780000 \Windows\System32\cfgmgr32.dll
0xFD610000 \Windows\System32\crypt32.dll
0xFD5D0000 \Windows\System32\wintrust.dll
0xFD530000 \Windows\System32\comctl32.dll
0xFD510000 \Windows\System32\devobj.dll
0xFD500000 \Windows\System32\msasn1.dll
0x75810000 \Windows\SysWOW64\normaliz.dll

Processes (total 54):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
408 csrss.exe
480 C:\Windows\System32\wininit.exe
488 csrss.exe
536 C:\Windows\System32\services.exe
544 C:\Windows\System32\lsass.exe
552 C:\Windows\System32\lsm.exe
580 C:\Windows\System32\winlogon.exe
704 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\atiesrxx.exe
980 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
316 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\atieclxx.exe
1224 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\wlanext.exe
1284 C:\Windows\System32\conhost.exe
1408 C:\Windows\System32\spoolsv.exe
1440 C:\Windows\System32\svchost.exe
1588 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1608 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1656 C:\Windows\System32\svchost.exe
1716 C:\Windows\SysWOW64\PnkBstrA.exe
1744 C:\Windows\SysWOW64\PnkBstrB.exe
1776 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
1860 C:\Windows\System32\svchost.exe
1940 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1504 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2056 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2120 C:\Windows\System32\svchost.exe
2516 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
2524 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
2596 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
2824 C:\Windows\System32\taskhost.exe
2908 C:\Windows\System32\dwm.exe
2920 C:\Windows\explorer.exe
3044 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2744 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3084 C:\Windows\System32\SearchIndexer.exe
3376 C:\Program Files\Windows Media Player\wmpnetwk.exe
3868 C:\Windows\System32\svchost.exe
2888 dllhost.exe
3624 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3228 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
788 C:\Windows\System32\SearchProtocolHost.exe
4064 C:\Windows\System32\SearchFilterHost.exe
4212 C:\Windows\explorer.exe
3728 C:\Windows\System32\audiodg.exe
784 C:\Users\Goodie\Desktop\ProcEx\MBRCheck.exe
4348 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ken545
2012-02-01, 02:20
Great, thank you

I was concerned that maybe your master boot record was infected but it looks fine.

Let's take a deeper look

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

DeepFriedMotherboard
2012-02-01, 09:33
No problem,

I'm not an expert by any means but I'm not a novice either, so I'm pretty well versed in keeping my computer clean. This has stumped me though, as I said, so hopefully you can find something.

Here's my OTL.txt:

OTL logfile created on: 2/1/2012 2:22:40 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Goodie\Desktop\ProcEx
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 61.81% Memory free
3.72 Gb Paging File | 2.27 Gb Available in Paging File | 60.90% Paging File free
Paging file location(s): c:\pagefile.sys 1000 2000

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 49.33 Gb Free Space | 36.02% Space Free | Partition Type: NTFS

Computer Name: GOODIE-PC | User Name: Goodie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Goodie\Desktop\ProcEx\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1163633.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (SWGVCSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe (SonicWALL, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (L6UX2) -- C:\Windows\SysNative\drivers\L6UX264.sys (Line 6)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SWIPsec) -- C:\Windows\SysNative\drivers\SWIPsec.sys (SonicWALL, Inc.)
DRV:64bit: - (SWVNIC) -- C:\Windows\SysNative\drivers\SWVNIC.sys (SonicWALL, Inc.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d525l0354z1l5t48i2x201
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d525l0354z1l5t48i2x201
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2724196807-672329828-52213437-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2724196807-672329828-52213437-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Goodie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Goodie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Goodie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2011/09/13 07:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 19:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/28 14:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 19:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/28 14:24:09 | 000,000,000 | ---D | M]

[2010/01/21 10:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Extensions
[2012/01/31 18:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions
[2010/04/08 22:35:46 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/07/11 10:59:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/27 19:25:34 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2011/11/08 23:53:10 | 000,002,567 | ---- | M] () -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\searchplugins\askcom.xml
[2010/04/08 22:38:33 | 000,001,196 | ---- | M] () -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\searchplugins\winamp-search.xml
[2011/12/27 19:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/11 07:32:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/13 07:27:18 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Goodie\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Goodie\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Goodie\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Goodie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/21 19:46:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2724196807-672329828-52213437-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2724196807-672329828-52213437-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2724196807-672329828-52213437-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2724196807-672329828-52213437-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2724196807-672329828-52213437-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2724196807-672329828-52213437-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2724196807-672329828-52213437-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Winamp Search - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: &Winamp Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-2724196807-672329828-52213437-1001\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF6DECB5-51A1-426B-8B87-D7FFCBAC5329}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/18 08:14:33 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012/01/18 06:19:52 | 000,000,000 | ---D | C] -- C:\Users\Goodie\Desktop\Reg
[2012/01/18 05:58:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/18 05:30:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/01/18 05:29:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/18 05:29:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/18 05:29:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/18 05:29:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/18 05:29:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/18 05:29:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/18 05:29:50 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/18 05:29:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/18 05:29:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/18 05:29:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/18 05:29:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/18 05:29:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/18 05:29:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/18 05:29:49 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/18 05:29:49 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/18 05:29:24 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/01/18 05:29:24 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/01/18 05:29:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/01/18 05:29:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/01/18 05:29:24 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/18 05:29:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/01/18 05:29:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/01/18 05:29:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/01/18 05:29:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/01/18 05:29:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/01/18 05:29:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/01/18 05:29:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/01/18 05:29:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/18 05:29:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/18 05:29:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/01/18 05:29:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/01/18 05:29:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/01/18 05:29:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/01/18 05:29:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/01/18 05:29:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/01/18 05:29:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/01/18 05:29:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/01/18 05:29:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/01/18 05:29:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/01/18 05:29:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/01/18 05:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/01/18 05:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/01/18 05:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/01/18 05:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/01/18 05:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/01/18 05:29:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/01/18 05:28:47 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/01/18 05:28:46 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/01/18 05:28:46 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/01/18 05:28:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/01/18 05:28:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/01/18 05:28:46 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/01/18 05:28:46 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/01/18 05:28:46 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/01/18 05:28:46 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/01/18 05:28:41 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/18 05:28:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/18 05:28:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/18 05:28:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/18 05:28:41 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/18 05:28:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/18 05:28:33 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/01/18 05:28:33 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/01/18 05:28:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/18 05:28:30 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/18 05:28:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/18 05:28:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/18 05:28:17 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/01/18 05:28:17 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/01/18 05:28:16 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/01/18 05:28:16 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/01/18 05:28:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/01/18 05:28:16 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/01/18 05:28:16 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/01/18 05:28:16 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/01/18 05:28:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/01/18 05:28:16 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/01/18 05:28:14 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/18 05:28:07 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/01/18 05:28:07 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/01/18 05:28:05 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/01/18 05:28:05 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/01/18 05:28:03 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/01/18 05:28:03 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/01/18 05:28:01 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/01/18 05:27:58 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/01/18 05:27:56 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/01/18 05:19:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/18 05:19:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/16 11:41:01 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{AB0689C1-1A17-4BEC-80C7-C83F569E3F03}
[2012/01/16 11:40:49 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{A3479BFA-D16E-4417-B6FB-AC4A66D359CE}
[2012/01/15 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Goodie\Desktop\ProcEx
[2012/01/15 04:08:01 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{B3735E2E-6418-40AA-A048-80991BDB05BF}
[2012/01/15 04:07:49 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{4113490E-D3FC-426F-A564-620DFC0DD739}
[2012/01/14 23:25:46 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{C4189CD9-9667-454E-B550-C108512A844D}
[2012/01/14 23:25:32 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{3EB10A6B-F8B8-4D01-AAA6-0491436EB629}
[2012/01/14 15:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/01/14 02:40:22 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{9CEE5219-C622-4C3D-BA6B-91BB1484E4C6}
[2012/01/14 02:40:10 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{BD292D25-F6EF-4601-A2D3-899333837D6D}
[2012/01/13 17:36:19 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{3404FBE1-8B84-494C-B10F-C415ADED6FE0}
[2012/01/13 17:36:07 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{FE167B57-F4A1-4303-B85B-60BA76DC7D29}
[2012/01/10 00:17:21 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{77E60465-378E-40B5-A860-110C43140871}
[2012/01/10 00:17:09 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{4A4CC26D-1332-483E-AA0F-1BE9269EF4B1}
[2012/01/09 02:09:13 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{A74102DB-F6B8-45DF-9976-616390428301}
[2012/01/09 02:09:01 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{499A606D-44B3-4A1C-8C81-565152910DCD}
[2012/01/09 01:54:13 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{51D9AFCF-9F45-4659-88DA-8ACB3D47FB78}
[2012/01/09 01:54:01 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{820E7C1A-0984-4196-BF49-FFF877A66A13}
[2012/01/08 07:32:55 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{741F9BF5-1B4E-479E-9183-D9C048ECB294}
[2012/01/08 07:32:43 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{5334BF11-3834-4BCA-9F45-277A57F749AF}
[2012/01/05 17:31:35 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{7D76D3B8-1C7D-46A2-B1E0-5652CD611136}
[2012/01/05 17:31:23 | 000,000,000 | ---D | C] -- C:\Users\Goodie\AppData\Local\{E7831E2B-8D8A-48B6-B3CF-17B36465891F}
[2012/01/03 15:37:01 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\eax.dll
[2012/01/03 15:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Labs
[2012/01/03 15:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FINAL FANTASY VIII
[2012/01/03 15:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Soft, Inc
[2012/01/03 15:31:53 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

========== Files - Modified Within 30 Days ==========

[2012/02/01 02:15:59 | 000,750,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/01 02:15:59 | 000,637,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/01 02:15:59 | 000,116,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/01 02:15:23 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2724196807-672329828-52213437-1001UA.job
[2012/02/01 02:14:51 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 02:13:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/31 19:46:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/31 19:15:06 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2724196807-672329828-52213437-1001Core.job
[2012/01/31 18:21:45 | 092,324,491 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/01/30 20:27:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 20:27:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 17:37:34 | 000,042,906 | ---- | M] () -- C:\Users\Goodie\Documents\2011_Federal_Return.pdf
[2012/01/24 07:42:43 | 000,002,403 | ---- | M] () -- C:\Users\Goodie\Desktop\Google Chrome.lnk
[2012/01/18 09:16:58 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\lpcio.dll
[2012/01/18 06:22:53 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/14 15:09:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2012/01/14 15:09:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm

========== Files Created - No Company Name ==========

[2012/01/28 17:37:34 | 000,042,906 | ---- | C] () -- C:\Users\Goodie\Documents\2011_Federal_Return.pdf
[2011/11/21 19:31:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/21 19:31:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/21 19:31:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/21 19:31:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/21 19:31:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/09 01:35:25 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011/11/09 01:33:35 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011/11/09 01:33:33 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011/11/01 04:58:45 | 000,214,816 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/01/01 21:32:11 | 000,007,601 | ---- | C] () -- C:\Users\Goodie\AppData\Local\Resmon.ResmonCfg
[2010/12/06 08:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2010/09/26 19:16:36 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/03/31 19:45:11 | 001,907,712 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010/03/31 19:45:11 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010/03/31 19:45:11 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010/03/31 19:45:11 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010/03/31 19:45:11 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/03/25 17:29:35 | 000,000,094 | ---- | C] () -- C:\Users\Goodie\AppData\Local\fusioncache.dat
[2010/03/25 17:26:15 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/25 17:22:46 | 000,747,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/25 15:48:19 | 000,000,785 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/01/04 02:02:25 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/03 20:45:23 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/01/03 20:45:13 | 000,000,328 | ---- | C] () -- C:\Windows\game.ini
[2009/11/05 14:49:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/10/04 23:38:32 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\.minecraft
[2011/08/14 06:47:33 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\abgx360
[2010/04/16 21:44:57 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Ableton
[2010/01/04 06:33:40 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Acer
[2011/11/05 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Audacity
[2011/01/29 11:46:56 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\DVDFab
[2011/06/10 15:14:53 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\icefinch.net
[2010/01/11 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\ImgBurn
[2011/10/26 16:27:13 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\iZotope
[2010/01/04 06:33:39 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Leadertech
[2010/03/15 08:36:47 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Line 6
[2011/11/11 10:43:29 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\LolClient
[2011/01/31 14:44:43 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\mjusbsp
[2010/05/07 20:33:06 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\My Battle for Middle-earth Files
[2010/03/15 07:21:57 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\PACE Anti-Piracy
[2010/03/15 07:43:31 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Propellerhead Software
[2011/11/09 01:35:52 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Steinberg
[2011/04/19 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\SynthMaker
[2010/01/03 19:20:19 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Thinstall
[2011/01/15 14:31:37 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\TightVNC
[2012/01/18 06:17:15 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\TS3Client
[2010/03/25 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Turbine
[2011/06/17 12:59:37 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Unity
[2010/03/31 19:02:43 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Western Digital
[2010/01/03 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\WildTangent
[2011/06/18 21:56:59 | 000,000,000 | ---D | M] -- C:\Users\Goodie\AppData\Roaming\Windows Live Writer
[2012/01/18 17:03:30 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

DeepFriedMotherboard
2012-02-01, 09:34
And here's my Extras.txt:

OTL Extras logfile created on: 2/1/2012 2:22:40 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Goodie\Desktop\ProcEx
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 61.81% Memory free
3.72 Gb Paging File | 2.27 Gb Available in Paging File | 60.90% Paging File free
Paging file location(s): c:\pagefile.sys 1000 2000

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 49.33 Gb Free Space | 36.02% Space Free | Partition Type: NTFS

Computer Name: GOODIE-PC | User Name: Goodie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2724196807-672329828-52213437-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AE42C63-E904-43B0-AE88-26D8B041CFE5}" = True Launch Bar: Wireless Monitor plugin
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}" = SonicWALL Global VPN Client
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC712CA0-A945-11d4-A594-956F6349FC18}" = True Launch Bar
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"CPUID HWMonitorPro_is1" = CPUID HWMonitor Pro 1.11
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - Quake Wars(TM)
"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E33956B7-301C-429D-9E6C-2C12EACB8A62}" = NWZ-E340 WALKMAN Guide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"abgx360" = abgx360 v1.0.5
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"Bejeweled 31.0.8.6128" = Bejeweled 3
"bitRipper" = bitRipper
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Drumaxx" = Drumaxx
"DVDFab 8_is1" = DVDFab 8.0.6.5 (27/12/2010)
"EASEUS Partition Master Unlimited Edition_is1" = EASEUS Partition Master 3.5 Unlimited Edition
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"eLicenser Control" = eLicenser Control
"FINAL FANTASY VIII" = FINAL FANTASY VIII
"FL Studio 9" = FL Studio 9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"JDownloader" = JDownloader
"Line 6 Uninstaller" = Line 6 Uninstaller
"Live 7.0.18" = Live 7.0.18
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PoiZone" = PoiZone
"Reason4Adapted_is1" = Reason Adapted 4.0.1
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Renegade" = Command & Conquer Renegade
"RiffWorks T4" = RiffWorks T4
"Sakura" = Sakura
"Sawer" = Sawer
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"TightVNC" = TightVNC 2.0.2
"ToneGen" = NCH Tone Generator
"Toxic Biohazard" = Toxic Biohazard
"Veoh Web Player Beta" = Veoh Web Player
"WaveLabLE7" = WaveLab LE 7
"WBFS Manager 3.0" = WBFS Manager 3.0
"Westwood Chat" = Westwood Chat 4.221
"WildTangent acer Master Uninstall" = Acer Games
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zuma Deluxe RA" = Zuma Deluxe RA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2724196807-672329828-52213437-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360GAMESPATCHERCLT" = 360GamesPatcher (Client setup)
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"magicJack" = magicJack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2012 8:29:34 PM | Computer Name = Goodie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JewelQuest3.exe, version: 1.1.1.0, time
stamp: 0x48b364d1 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time
stamp: 0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00008aa0 Faulting process
id: 0xd38 Faulting application start time: 0x01ccd18968374abc Faulting application
path: C:\Program Files (x86)\Jewel Quest 3\JewelQuest3.exe Faulting module path:
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: a9f7a1a8-3d7d-11e1-b776-0026228de3b0

Error - 1/13/2012 6:16:03 PM | Computer Name = Goodie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/14/2012 12:35:40 AM | Computer Name = Goodie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JewelQuest3.exe, version: 1.1.1.0, time
stamp: 0x48b364d1 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time
stamp: 0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00008aa0 Faulting process
id: 0xc28 Faulting application start time: 0x01ccd270b94c4288 Faulting application
path: C:\Program Files (x86)\Jewel Quest 3\JewelQuest3.exe Faulting module path:
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: 35d015a2-3e69-11e1-acc1-0026228de3b0

Error - 1/14/2012 3:39:31 AM | Computer Name = Goodie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/14/2012 3:41:36 AM | Computer Name = Goodie-PC | Source = MsiInstaller | ID = 11730
Description =

Error - 1/14/2012 9:48:23 AM | Computer Name = Goodie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/14/2012 4:08:37 PM | Computer Name = Goodie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/14/2012 9:19:41 PM | Computer Name = Goodie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/15/2012 12:25:22 AM | Computer Name = Goodie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/15/2012 3:23:56 AM | Computer Name = Goodie-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4363 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ccc Start
Time: 01ccd356257c0a8f Termination Time: 34 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: dfc73ede-3f49-11e1-b948-0026228de3b0

[ System Events ]
Error - 1/31/2012 8:00:24 PM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 1/31/2012 9:00:35 PM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 1/31/2012 9:19:08 PM | Computer Name = Goodie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 1/31/2012 9:19:09 PM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 1/31/2012 10:39:29 PM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/1/2012 12:10:53 AM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/1/2012 12:59:11 AM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/1/2012 12:59:31 AM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/1/2012 1:58:57 AM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/1/2012 3:13:20 AM | Computer Name = Goodie-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

ken545
2012-02-01, 11:16
Good Morning,

This will clean you up a bit more. When you post the new OTL log, there are a few things I need to look at.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses


:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
O3 - HKU\S-1-5-21-2724196807-672329828-52213437-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

DeepFriedMotherboard
2012-02-01, 14:56
So I tried running the command script that you gave me and I don't think it worked. I got no log or anything after clicking Run Fix. OTL just went into nonresponsiveness and eventually said it was unable to create a .bat file. In the custom script box it just says:

"ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]"

It wouldn't let me copy-paste what's in the quotes. I can close, minimize or cascade the window but not click Run Scan or Run Fix. On the status bar at the bottom it says:

"Processing O3 - HKU\S-1-5-21-272=4196807-672329828-52213437-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found..."

Let me know where to go from here, or if I'm screwing something up.

DeepFriedMotherboard
2012-02-01, 15:57
The .bat file was named cmd.bat. I moved the location of OTL.exe to the desktop as opposed to inside a folder on the desktop, and I ran it after the move. Pretty much the same results, except this time it created a cmd.bat but still gave the same error that it couldn't be created, and it even froze up the computer. Two hidden files were created, both called desktop.ini, after I rebooted the computer (it was frozen for about 45 minutes so I decided to hard reboot), but it still doesn't seem like it was quite supposed to do that. Just in case you wanted to see the files, here they are:


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Microsoft Office - 60 Day Trial.lnk=@C:\PROGRA~2\MICROS~3\mui\oaa.dll,-103
Acer Registration.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Enregistrement Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Registrazione Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Registro de Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Registratie.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Registrierung.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Registo Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Registrering af Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Rekisteröinti.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer-registrering.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Registrace Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Εγγραφή.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Regisztráció.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Rejestracja — Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Kayıt.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Înregistrare Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Регистрация Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer ユーザー登録.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer 注册.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer 註冊.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Registreerimine.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Registracija.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Reģistrācija.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer Регистрация.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
การลงทะเบียน Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer تسجيل.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer - Registrácia.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Registracija Acer.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101
Acer 등록.lnk=@C:\Program Files (x86)\Acer\Registration\GlobalRegistrationMUI.dll,-101

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183



Also after reboot a cmd.bat was left over, I double clicked it and received a cmd.txt This is what the cmd.txt contained:


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d481:ae5f:b9f0:f657%12
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{FF6DECB5-51A1-426B-8B87-D7FFCBAC5329}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c27:df9:e777:dcf8
Link-local IPv6 Address . . . . . : fe80::1c27:df9:e777:dcf8%13
Default Gateway . . . . . . . . . : ::

Tunnel adapter Reusable ISATAP Interface {F9EDEDC8-B9C8-42E6-9BDD-1301564DBD36}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{856ED3C4-B8B5-470E-B3C2-641E5FDB459F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{E8833CD9-B6ED-45F1-9021-F4F6EBD669D5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

DeepFriedMotherboard
2012-02-01, 15:59
Sorry about the triple post, but after I ran that cmd.bat my wireless network got switched to an unidentified wireless network, with no internet connection. Seems strange.

Thanks for all the help.

ken545
2012-02-01, 19:14
Hey, there was no reason to run the bat file. Reboot and see if things straighten out.

DeepFriedMotherboard
2012-02-02, 03:47
The reboot did nothing. When I enter the script you gave me and hit run fix, it freezes up OTL and kicks me off my wireless network. I can get back onto the internet, obviously.

When it starts doing its task the bar fills up an iota and then it freezes as mentioned before. The same error message pops up every time:

"unable to create ../cmd.bat"

Either something in the script you gave me isn't working with my computer (lack of access to write files maybe?) or there's something preventing it from working.

DeepFriedMotherboard
2012-02-02, 03:58
Please see post above if this log is inconclusive.

I scanned again in case the script worked, here's the OTL.txt:

OTL logfile created on: 2/1/2012 8:50:38 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Goodie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 60.43% Memory free
3.72 Gb Paging File | 2.49 Gb Available in Paging File | 66.79% Paging File free
Paging file location(s): c:\pagefile.sys 1000 2000

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 49.41 Gb Free Space | 36.08% Space Free | Partition Type: NTFS

Computer Name: GOODIE-PC | User Name: Goodie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Goodie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (SWGVCSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe (SonicWALL, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (L6UX2) -- C:\Windows\SysNative\drivers\L6UX264.sys (Line 6)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SWIPsec) -- C:\Windows\SysNative\drivers\SWIPsec.sys (SonicWALL, Inc.)
DRV:64bit: - (SWVNIC) -- C:\Windows\SysNative\drivers\SWVNIC.sys (SonicWALL, Inc.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d525l0354z1l5t48i2x201
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d525l0354z1l5t48i2x201
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Goodie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Goodie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Goodie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2011/09/13 07:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 19:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/28 14:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/27 19:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/28 14:24:09 | 000,000,000 | ---D | M]

[2010/01/21 10:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Extensions
[2012/02/01 20:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions
[2010/04/08 22:35:46 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/07/11 10:59:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/27 19:25:34 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2011/11/08 23:53:10 | 000,002,567 | ---- | M] () -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\searchplugins\askcom.xml
[2010/04/08 22:38:33 | 000,001,196 | ---- | M] () -- C:\Users\Goodie\AppData\Roaming\Mozilla\Firefox\Profiles\v8wq4swi.default\searchplugins\winamp-search.xml
[2011/12/27 19:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/11 07:32:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/13 07:27:18 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Goodie\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Goodie\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Goodie\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Goodie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/21 19:46:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Winamp Search - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: &Winamp Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF6DECB5-51A1-426B-8B87-D7FFCBAC5329}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 20:38:32 | 000,000,000 | ---D | C] -- C:\OTL
[2012/02/01 07:36:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/01 02:20:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Goodie\Desktop\OTL.exe
[2012/01/18 08:14:33 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012/01/18 06:19:52 | 000,000,000 | ---D | C] -- C:\Users\Goodie\Desktop\Reg
[2012/01/18 05:30:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/01/18 05:29:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/18 05:29:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/18 05:29:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/18 05:29:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/18 05:29:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/18 05:29:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/18 05:29:50 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/18 05:29:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/18 05:29:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/18 05:29:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/18 05:29:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/18 05:29:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/18 05:29:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/18 05:29:49 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/18 05:29:49 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/18 05:29:24 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/01/18 05:29:24 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/01/18 05:29:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/01/18 05:29:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/01/18 05:29:24 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/18 05:29:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/01/18 05:29:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/01/18 05:29:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/01/18 05:29:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/01/18 05:29:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/01/18 05:29:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/01/18 05:29:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/01/18 05:29:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

ken545
2012-02-02, 11:01
Looks like it worked, those entries are gone.

You need to enable Windows to show all files and folders; instructions here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis. Just use the BROWSE feature and then Send File; if it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see.

C:\Windows\SysWOW64\epmntdrv.sys
C:\Windows\SysWOW64\EuGdiDrv.sys


If the site is busy you can try this one
http://virusscan.jotti.org/en

DeepFriedMotherboard
2012-02-03, 02:09
Scanned both files, came back with nothing.

The EuGdiDrv.sys analysis here (https://www.virustotal.com/file/b2c4d872550a41a91efc2a12fe699e99b3f6baa26e68d75f1004389fbcf7db89/analysis/1328227611/)


The epmntdrv.sys analysis here (https://www.virustotal.com/file/971506f90f764aa9acc87e498f606fb433a45e4a3ac66441e4e6df002dd9bcde/analysis/1328227543/)

ken545
2012-02-03, 11:34
:bigthumb:

Things running any better?

DeepFriedMotherboard
2012-02-04, 00:48
It seems to be running a bit smoother although I am encountering the same problem, just quite less frequently. Nonetheless thanks for all the help! Is there anything else you can find? If not it might just be a physical problem (it's been a good little bit since I've dusted SOME of the components) or network issues.

ken545
2012-02-04, 01:13
Hi,

Let's check a bit deeper; run this program and post the log, please.


Download FSS (http://download.bleepingcomputer.com/farbar/FSS.exe) to your desktop

Click on "Scan".
Please copy and paste the log to your reply.

DeepFriedMotherboard
2012-02-04, 02:32
Here's the FSS log:

Farbar Service Scanner Version: 02-02-2012
Ran by Goodie (administrator) on 03-02-2012 at 19:31:09
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

ken545
2012-02-04, 04:34
Let's try a few more scanners.

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

DeepFriedMotherboard
2012-02-04, 06:07
Here's the TDSSKiller log:

23:05:17.0946 3704 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:05:17.0978 3704 HTTP - ok
23:05:18.0040 3704 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:05:18.0040 3704 hwpolicy - ok
23:05:18.0102 3704 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:05:18.0102 3704 i8042prt - ok
23:05:18.0196 3704 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:05:18.0227 3704 iaStorV - ok
23:05:18.0305 3704 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:05:18.0305 3704 iirsp - ok
23:05:18.0477 3704 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
23:05:18.0570 3704 IntcAzAudAddService - ok
23:05:18.0633 3704 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:05:18.0633 3704 intelide - ok
23:05:18.0695 3704 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:05:18.0695 3704 intelppm - ok
23:05:18.0773 3704 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:05:18.0789 3704 IpFilterDriver - ok
23:05:18.0867 3704 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:05:18.0867 3704 IPMIDRV - ok
23:05:18.0945 3704 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:05:18.0945 3704 IPNAT - ok
23:05:19.0023 3704 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:05:19.0023 3704 IRENUM - ok
23:05:19.0085 3704 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:05:19.0085 3704 isapnp - ok
23:05:19.0163 3704 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:05:19.0179 3704 iScsiPrt - ok
23:05:19.0288 3704 ivusb (5922922b27a57247aa62f5ab1a59af7c) C:\Windows\system32\DRIVERS\ivusb.sys
23:05:19.0288 3704 ivusb - ok
23:05:19.0350 3704 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:05:19.0350 3704 kbdclass - ok
23:05:19.0428 3704 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:05:19.0428 3704 kbdhid - ok
23:05:19.0522 3704 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
23:05:19.0522 3704 KSecDD - ok
23:05:19.0584 3704 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
23:05:19.0584 3704 KSecPkg - ok
23:05:19.0662 3704 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:05:19.0662 3704 ksthunk - ok
23:05:19.0740 3704 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
23:05:19.0756 3704 L1C - ok
23:05:19.0865 3704 L6UX2 (42e25441c303519e753014893a13a04e) C:\Windows\system32\Drivers\L6UX264.sys
23:05:19.0896 3704 L6UX2 - ok
23:05:20.0021 3704 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:05:20.0037 3704 lltdio - ok
23:05:20.0130 3704 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:05:20.0130 3704 LSI_FC - ok
23:05:20.0162 3704 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:05:20.0162 3704 LSI_SAS - ok
23:05:20.0193 3704 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:05:20.0193 3704 LSI_SAS2 - ok
23:05:20.0240 3704 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:05:20.0240 3704 LSI_SCSI - ok
23:05:20.0286 3704 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:05:20.0286 3704 luafv - ok
23:05:20.0349 3704 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
23:05:20.0349 3704 MBAMProtector - ok
23:05:20.0442 3704 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:05:20.0442 3704 megasas - ok
23:05:20.0489 3704 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:05:20.0505 3704 MegaSR - ok
23:05:20.0583 3704 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:05:20.0583 3704 Modem - ok
23:05:20.0645 3704 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:05:20.0645 3704 monitor - ok
23:05:20.0723 3704 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:05:20.0739 3704 mouclass - ok
23:05:20.0786 3704 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:05:20.0786 3704 mouhid - ok
23:05:20.0848 3704 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:05:20.0848 3704 mountmgr - ok
23:05:20.0926 3704 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:05:20.0926 3704 mpio - ok
23:05:20.0988 3704 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:05:20.0988 3704 mpsdrv - ok
23:05:21.0066 3704 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:05:21.0066 3704 MRxDAV - ok
23:05:21.0176 3704 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:05:21.0176 3704 mrxsmb - ok
23:05:21.0207 3704 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:05:21.0222 3704 mrxsmb10 - ok
23:05:21.0254 3704 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:05:21.0254 3704 mrxsmb20 - ok
23:05:21.0300 3704 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:05:21.0300 3704 msahci - ok
23:05:21.0347 3704 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:05:21.0347 3704 msdsm - ok
23:05:21.0410 3704 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:05:21.0410 3704 Msfs - ok
23:05:21.0456 3704 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:05:21.0456 3704 mshidkmdf - ok
23:05:21.0488 3704 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:05:21.0488 3704 msisadrv - ok
23:05:21.0550 3704 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:05:21.0566 3704 MSKSSRV - ok
23:05:21.0597 3704 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:05:21.0597 3704 MSPCLOCK - ok
23:05:21.0628 3704 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:05:21.0628 3704 MSPQM - ok
23:05:21.0675 3704 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:05:21.0690 3704 MsRPC - ok
23:05:21.0722 3704 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:05:21.0722 3704 mssmbios - ok
23:05:21.0753 3704 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:05:21.0753 3704 MSTEE - ok
23:05:21.0800 3704 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:05:21.0800 3704 MTConfig - ok
23:05:21.0846 3704 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:05:21.0846 3704 Mup - ok
23:05:21.0893 3704 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
23:05:21.0893 3704 mwlPSDFilter - ok
23:05:21.0924 3704 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
23:05:21.0924 3704 mwlPSDNServ - ok
23:05:21.0956 3704 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
23:05:21.0971 3704 mwlPSDVDisk - ok
23:05:22.0065 3704 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:05:22.0065 3704 NativeWifiP - ok
23:05:22.0174 3704 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:05:22.0205 3704 NDIS - ok
23:05:22.0268 3704 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:05:22.0268 3704 NdisCap - ok
23:05:22.0330 3704 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:22.0330 3704 NdisTapi - ok
23:05:22.0392 3704 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:22.0392 3704 Ndisuio - ok
23:05:22.0455 3704 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:22.0470 3704 NdisWan - ok
23:05:22.0517 3704 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:05:22.0517 3704 NDProxy - ok
23:05:22.0580 3704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:05:22.0595 3704 NetBIOS - ok
23:05:22.0642 3704 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:05:22.0673 3704 NetBT - ok
23:05:22.0798 3704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:05:22.0798 3704 nfrd960 - ok
23:05:22.0876 3704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:05:22.0876 3704 Npfs - ok
23:05:22.0923 3704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:05:22.0923 3704 nsiproxy - ok
23:05:23.0016 3704 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:05:23.0063 3704 Ntfs - ok
23:05:23.0126 3704 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
23:05:23.0141 3704 NTIDrvr - ok
23:05:23.0204 3704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:05:23.0204 3704 Null - ok
23:05:23.0250 3704 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:05:23.0266 3704 nvraid - ok
23:05:23.0313 3704 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:05:23.0328 3704 nvstor - ok
23:05:23.0360 3704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:05:23.0360 3704 nv_agp - ok
23:05:23.0391 3704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:05:23.0406 3704 ohci1394 - ok
23:05:23.0453 3704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:05:23.0453 3704 Parport - ok
23:05:23.0484 3704 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
23:05:23.0500 3704 partmgr - ok
23:05:23.0531 3704 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:05:23.0547 3704 pci - ok
23:05:23.0578 3704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:05:23.0578 3704 pciide - ok
23:05:23.0625 3704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:05:23.0625 3704 pcmcia - ok
23:05:23.0656 3704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:05:23.0672 3704 pcw - ok
23:05:23.0703 3704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:05:23.0734 3704 PEAUTH - ok
23:05:23.0984 3704 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:05:23.0984 3704 PptpMiniport - ok
23:05:24.0046 3704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:05:24.0046 3704 Processor - ok
23:05:24.0093 3704 PROCEXP151 - ok
23:05:24.0202 3704 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:05:24.0218 3704 Psched - ok
23:05:24.0405 3704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:05:24.0467 3704 ql2300 - ok
23:05:24.0514 3704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:05:24.0530 3704 ql40xx - ok
23:05:24.0623 3704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:05:24.0623 3704 QWAVEdrv - ok
23:05:24.0686 3704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:05:24.0686 3704 RasAcd - ok
23:05:24.0748 3704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:05:24.0748 3704 RasAgileVpn - ok
23:05:24.0810 3704 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:24.0810 3704 Rasl2tp - ok
23:05:24.0857 3704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:24.0857 3704 RasPppoe - ok
23:05:24.0904 3704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:05:24.0904 3704 RasSstp - ok
23:05:24.0966 3704 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:05:24.0966 3704 rdbss - ok
23:05:24.0998 3704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:05:24.0998 3704 rdpbus - ok
23:05:25.0029 3704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:25.0044 3704 RDPCDD - ok
23:05:25.0091 3704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:05:25.0091 3704 RDPENCDD - ok
23:05:25.0169 3704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:05:25.0185 3704 RDPREFMP - ok
23:05:25.0232 3704 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
23:05:25.0247 3704 RDPWD - ok
23:05:25.0325 3704 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:05:25.0341 3704 rdyboost - ok
23:05:25.0497 3704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:05:25.0512 3704 rspndr - ok
23:05:25.0606 3704 RSUSBSTOR (b1d04ed92d148b54169499d9568a3c55) C:\Windows\system32\Drivers\RtsUStor.sys
23:05:25.0622 3704 RSUSBSTOR - ok
23:05:25.0668 3704 RtsUIR - ok
23:05:25.0746 3704 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:05:25.0746 3704 sbp2port - ok
23:05:25.0856 3704 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:05:25.0856 3704 scfilter - ok
23:05:25.0965 3704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:05:25.0965 3704 secdrv - ok
23:05:26.0043 3704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:05:26.0043 3704 Serenum - ok
23:05:26.0090 3704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:05:26.0090 3704 Serial - ok
23:05:26.0121 3704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:05:26.0121 3704 sermouse - ok
23:05:26.0199 3704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:05:26.0214 3704 sffdisk - ok
23:05:26.0246 3704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:05:26.0246 3704 sffp_mmc - ok
23:05:26.0292 3704 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:05:26.0292 3704 sffp_sd - ok
23:05:26.0339 3704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:05:26.0339 3704 sfloppy - ok
23:05:26.0402 3704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:05:26.0417 3704 SiSRaid2 - ok
23:05:26.0448 3704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:05:26.0448 3704 SiSRaid4 - ok
23:05:26.0480 3704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:05:26.0480 3704 Smb - ok
23:05:26.0558 3704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:05:26.0558 3704 spldr - ok
23:05:26.0651 3704 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:05:26.0651 3704 srv - ok
23:05:26.0698 3704 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:05:26.0714 3704 srv2 - ok
23:05:26.0760 3704 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:05:26.0776 3704 srvnet - ok
23:05:26.0854 3704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:05:26.0854 3704 stexstor - ok
23:05:26.0901 3704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:05:26.0901 3704 swenum - ok
23:05:26.0994 3704 SWIPsec (1e036f98e6c780dd7669f516e8be0cea) C:\Windows\system32\Drivers\SWIPsec.sys
23:05:26.0994 3704 SWIPsec - ok
23:05:27.0104 3704 SWVNIC (dcf11e08a8524b19ec47515c22be492e) C:\Windows\system32\DRIVERS\swvnic.sys
23:05:27.0104 3704 SWVNIC - ok
23:05:27.0182 3704 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
23:05:27.0197 3704 SynTP - ok
23:05:27.0400 3704 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
23:05:27.0431 3704 Tcpip - ok
23:05:27.0540 3704 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
23:05:27.0556 3704 TCPIP6 - ok
23:05:27.0618 3704 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:05:27.0618 3704 tcpipreg - ok
23:05:27.0665 3704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:05:27.0665 3704 TDPIPE - ok
23:05:27.0696 3704 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:05:27.0696 3704 TDTCP - ok
23:05:27.0743 3704 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:05:27.0759 3704 tdx - ok
23:05:27.0790 3704 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:05:27.0790 3704 TermDD - ok
23:05:27.0852 3704 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:27.0852 3704 tssecsrv - ok
23:05:27.0915 3704 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:05:27.0915 3704 tunnel - ok
23:05:27.0977 3704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:05:27.0977 3704 uagp35 - ok
23:05:28.0055 3704 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
23:05:28.0055 3704 UBHelper - ok
23:05:28.0102 3704 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:05:28.0118 3704 udfs - ok
23:05:28.0242 3704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:05:28.0242 3704 uliagpkx - ok
23:05:28.0320 3704 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:05:28.0320 3704 umbus - ok
23:05:28.0383 3704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:05:28.0383 3704 UmPass - ok
23:05:28.0508 3704 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
23:05:28.0523 3704 usbaudio - ok
23:05:28.0586 3704 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:28.0601 3704 usbccgp - ok
23:05:28.0648 3704 USBCCID - ok
23:05:28.0726 3704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:05:28.0742 3704 usbcir - ok
23:05:28.0804 3704 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
23:05:28.0804 3704 usbehci - ok
23:05:28.0929 3704 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
23:05:28.0929 3704 usbfilter - ok
23:05:29.0022 3704 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
23:05:29.0038 3704 usbhub - ok
23:05:29.0100 3704 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
23:05:29.0116 3704 usbohci - ok
23:05:29.0194 3704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:05:29.0194 3704 usbprint - ok
23:05:29.0334 3704 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:05:29.0334 3704 USBSTOR - ok
23:05:29.0397 3704 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
23:05:29.0397 3704 usbuhci - ok
23:05:29.0506 3704 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
23:05:29.0522 3704 usbvideo - ok
23:05:29.0631 3704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:05:29.0631 3704 vdrvroot - ok
23:05:29.0709 3704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:29.0724 3704 vga - ok
23:05:29.0771 3704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:05:29.0787 3704 VgaSave - ok
23:05:29.0849 3704 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:05:29.0865 3704 vhdmp - ok
23:05:29.0927 3704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:05:29.0927 3704 viaide - ok
23:05:29.0990 3704 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:05:30.0005 3704 volmgr - ok
23:05:30.0068 3704 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:05:30.0083 3704 volmgrx - ok
23:05:30.0161 3704 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:05:30.0177 3704 volsnap - ok
23:05:30.0239 3704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:05:30.0255 3704 vsmraid - ok
23:05:30.0333 3704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:05:30.0333 3704 vwifibus - ok
23:05:30.0395 3704 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:05:30.0395 3704 vwififlt - ok
23:05:30.0473 3704 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:05:30.0473 3704 vwifimp - ok
23:05:30.0567 3704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:05:30.0567 3704 WacomPen - ok
23:05:30.0645 3704 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:30.0660 3704 WANARP - ok
23:05:30.0707 3704 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:30.0707 3704 Wanarpv6 - ok
23:05:30.0863 3704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:05:30.0863 3704 Wd - ok
23:05:30.0941 3704 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
23:05:30.0941 3704 WDC_SAM - ok
23:05:31.0004 3704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:05:31.0019 3704 Wdf01000 - ok
23:05:31.0113 3704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:05:31.0113 3704 WfpLwf - ok
23:05:31.0160 3704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:05:31.0160 3704 WIMMount - ok
23:05:31.0284 3704 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:05:31.0284 3704 WinUsb - ok
23:05:31.0347 3704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:05:31.0347 3704 WmiAcpi - ok
23:05:31.0425 3704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:05:31.0425 3704 ws2ifsl - ok
23:05:31.0503 3704 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:05:31.0503 3704 WudfPf - ok
23:05:31.0550 3704 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:05:31.0550 3704 WUDFRd - ok
23:05:31.0674 3704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:05:31.0737 3704 \Device\Harddisk0\DR0 - ok
23:05:31.0768 3704 Boot (0x1200) (9aec4b44b17ea8d447cc76b42037bb5c) \Device\Harddisk0\DR0\Partition0
23:05:31.0768 3704 \Device\Harddisk0\DR0\Partition0 - ok
23:05:31.0815 3704 Boot (0x1200) (62934e911f2f13c31a115768e95b24ab) \Device\Harddisk0\DR0\Partition1
23:05:31.0815 3704 \Device\Harddisk0\DR0\Partition1 - ok
23:05:31.0830 3704 ============================================================
23:05:31.0830 3704 Scan finished
23:05:31.0830 3704 ============================================================
23:05:31.0877 3204 Detected object count: 0
23:05:31.0877 3204 Actual detected object count: 0

ken545
2012-02-04, 12:10
Let's run this free online virus scanner

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

DeepFriedMotherboard
2012-02-05, 12:18
Well I ran it and it encountered three malicious files which were all dealt with. That could be some of the problem. Here's the log.txt:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

ken545
2012-02-05, 15:10
Let me see the files it removed please

C:\Program Files\EsetOnlineScanner\log.txt

DeepFriedMotherboard
2012-02-05, 15:33
What I posted WAS the log.txt. I thought it seemed a little bit strange that the log only included that, but that's it.

The directory you provided (C:\Program...) doesn't exist. It's in C:\Program Files(x84)\ESET\EsetOnlineScanner\log.txt and the information I gave you in the previous post is what it has. I was monitoring the scan, and what was quarantined was one win32/packed.auto.e application and two win32/toolbar.zugo variant applications. Other than that, I don't have any other info. Sorry.

ken545
2012-02-05, 16:10
Things any better?

DeepFriedMotherboard
2012-02-06, 01:01
Yeah! It's running nice and smooth. :thanks: I appreciate all the help! I'm glad to finally be able to record music without issues! :D

ken545
2012-02-06, 05:06
:bigthumb:


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

ken545
2012-02-09, 00:46
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.