Hello and :welcome:

First of all, let's do a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Well the sounds still play. It's weird because they are just random clips of songs, casual conversation, sound effects and stuff like that.

I can find what's making the sounds in Task Manager; the Image Name is called stdrt.exe *32 and the description is Windows Media Center Diagnostic Application.

It has a significantly higher Memory usage compared to everything else on start up. I can open the location and it's a random file in Temp.

Link to post
Share on other sites

That was also the file we uploaded to VT. :)

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


File::
c:\windows\TEMP\mrt5A30.tmp\stdrt.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

That didn't work, the files are in a random folder. Let's see if a rootkit scan can help here.

GMER

-------

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Link to post
Share on other sites

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-02-24 11:54:18

Windows 6.1.7601 Service Pack 1

Running: h154d4un.exe

---- Files - GMER 1.0.15 ----

File C:\Users\Corn-shits\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXT2VMYS\version[1].htm 3 bytes

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IR73B9ZS\videoplayback[4] 4707569 bytes

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IR73B9ZS\watch[3].txt 101149 bytes

File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KP07ZO8F.txt 177 bytes

File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RCQFT9EN.txt 73 bytes

File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4LMEX71A.txt 2055 bytes

File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5368XWLT.txt 0 bytes

File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8GYJMCSQ.txt 488 bytes

File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2XKXLK8Y.txt 1695 bytes

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Please run also the following.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites
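
Added example, not part of the original thread and not OTL's or ComboFix's own code: the CFScript earlier named one fixed path (mrt5A30.tmp), while the OTL log in this thread shows stdrt.exe running from mrt61CE.tmp. The Python sketch below parses OTL-style PRC/SRV lines (sample lines copied from that log) and flags entries by pattern rather than by exact path. The field layout, the reason labels and the mrt????.tmp pattern are assumptions inferred from the lines on this page, and a flag means "review this entry", not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/02/24 12:39:05 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Corn-shits\Desktop\OTL.exe
PRC - [2012/02/24 11:48:18 | 000,372,736 | ---- | M] ( ) -- C:\Windows\temp\mrt61CE.tmp\stdrt.exe
PRC - [2012/02/24 10:22:43 | 000,302,592 | ---- | M] () -- C:\Users\Corn-shits\Desktop\h154d4un.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Install\RocketDock\RocketDock.exe
SRV - [2012/02/10 11:55:55 | 000,689,492 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
"""

# Assumed layout: KIND - [modified | size | attrs | M] (Company) [state] -- path -- (service)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<modified>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| \S{4} \| M\]\s+"
    r"\((?P<company>.*?)\)\s+"
    r"(?:\[(?P<state>[^\]]*)\]\s+)?"
    r"--\s+(?P<path>.*?)(?:\s+--\s+\((?P<service>[^)]*)\).*)?$"
)

# Assumption: generalises the two folder names seen in this thread
# (mrt5A30.tmp in the CFScript, mrt61CE.tmp in the OTL log) to mrt + 4 hex digits.
KNOWN_RE = re.compile(r"\\temp\\mrt[0-9a-f]{4}\.tmp\\stdrt\.exe$", re.IGNORECASE)


class Entry(NamedTuple):
    kind: str
    modified: str
    company: str
    state: Optional[str]
    path: str
    service: Optional[str]


def parse(log: str) -> List[Entry]:
    """Return one Entry per recognised PRC/SRV/DRV line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["modified"], m["company"].strip(),
                                 m["state"], m["path"].strip(), m["service"]))
    return entries


def reasons(entry: Entry) -> List[str]:
    """Heuristic review reasons (labels are made up for this example)."""
    found = []
    # Directory components only, so a file merely named "temp.exe" does not match.
    dirs = [part.lower() for part in entry.path.split("\\")[:-1]]
    if any(d in ("temp", "tmp") or d.endswith(".tmp") for d in dirs):
        found.append("runs-from-temp")
    if not entry.company:
        # Weak on its own: legitimate tools in this log also lack a company name.
        found.append("no-company-name")
    if KNOWN_RE.search(entry.path):
        found.append("matches-thread-pattern")
    return found


def triage(log: str) -> List[Tuple[Entry, List[str]]]:
    """Entries with at least one reason, most reasons first (stable order otherwise)."""
    hits = [(e, reasons(e)) for e in parse(log)]
    hits = [(e, r) for e, r in hits if r]
    return sorted(hits, key=lambda hit: len(hit[1]), reverse=True)


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.kind} {entry.path}  <- {', '.join(why)}")
```
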

OTL logfile created on: 2/24/2012 12:40:15 PM - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Corn-shits\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.39% Memory free

15.95 Gb Paging File | 14.09 Gb Available in Paging File | 88.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 54.90 Gb Total Space | 14.94 Gb Free Space | 27.21% Space Free | Partition Type: NTFS

Drive D: | 876.41 Gb Total Space | 760.33 Gb Free Space | 86.76% Space Free | Partition Type: NTFS

Drive F: | 931.51 Gb Total Space | 254.33 Gb Free Space | 27.30% Space Free | Partition Type: NTFS

Computer Name: CORN-SHITS-PC | User Name: Corn-shits | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/24 12:39:05 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Corn-shits\Desktop\OTL.exe

PRC - [2012/02/24 11:48:18 | 000,372,736 | ---- | M] ( ) -- C:\Windows\temp\mrt61CE.tmp\stdrt.exe

PRC - [2012/02/24 10:22:43 | 000,302,592 | ---- | M] () -- C:\Users\Corn-shits\Desktop\h154d4un.exe

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011/10/20 04:26:00 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/10/20 01:50:00 | 002,253,120 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/09/02 16:58:32 | 000,442,696 | ---- | M] (MSI CO.,LTD.) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/07/05 21:15:26 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/07/05 21:15:20 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2009/12/18 20:29:06 | 000,077,824 | ---- | M] (Avid, Inc. All rights reserved.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Install\RocketDock\RocketDock.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/24 10:22:43 | 000,302,592 | ---- | M] () -- C:\Users\Corn-shits\Desktop\h154d4un.exe

MOD - [2012/02/14 21:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Corn-shits\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

MOD - [2012/02/14 21:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Corn-shits\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

MOD - [2012/02/14 21:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Corn-shits\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll

MOD - [2012/02/14 21:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Corn-shits\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll

MOD - [2012/02/14 21:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Corn-shits\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll

MOD - [2011/12/12 15:44:08 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe

MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Install\RocketDock\RocketDock.exe

MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- D:\Install\RocketDock\RocketDock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/02/10 11:55:55 | 000,689,492 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\adbcnsl.exe -- (Adobe Licensing Console)

SRV - [2012/01/21 20:43:21 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/10/20 04:26:00 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/10/20 01:50:00 | 002,253,120 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/07/05 21:15:26 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011/07/05 21:15:20 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/18 20:29:06 | 000,077,824 | ---- | M] (Avid, Inc. All rights reserved.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/15 05:15:42 | 004,862,368 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C920(UVC)

DRV:64bit: - [2011/12/15 05:15:34 | 000,351,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/08/08 16:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV:64bit: - [2011/07/07 12:51:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/06/09 22:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/14 01:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)

DRV:64bit: - [2011/03/14 01:29:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)

DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/01/15 08:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010/11/20 19:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 19:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010/11/20 19:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 19:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/14 09:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2009/12/18 23:42:46 | 000,032,400 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbx2midk.sys -- (MBX2MIDK)

DRV:64bit: - [2009/12/18 23:42:42 | 000,031,120 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbx2dfu.sys -- (MBX2DFU)

DRV:64bit: - [2009/12/18 23:42:38 | 000,021,520 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)

DRV:64bit: - [2009/12/18 23:42:26 | 000,139,792 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dalwdm.sys -- (dalwdmservice)

DRV:64bit: - [2009/12/02 13:50:38 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)

DRV:64bit: - [2009/11/17 15:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2010/07/12 17:54:26 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-542760868-277710334-883578566-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-542760868-277710334-883578566-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 6A AB 77 EB EC CC 01 [binary data]

IE - HKU\S-1-5-21-542760868-277710334-883578566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-542760868-277710334-883578566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Corn-shits\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Corn-shits\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/06 02:26:45 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Corn-shits\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Corn-shits\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Corn-shits\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Corn-shits\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: Stylish = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.9_0\

CHR - Extension: AVG Safe Search = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: Skype Click to Call = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

CHR - Extension: Gmail = C:\Users\Corn-shits\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/24 09:45:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bootStartBRC] C:\Program Files (x86)\MSI\BiosRomCheck\BootStartBiosRomCheck.exe (MSI CO.,LTD.)

O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid, Inc. All rights reserved.)

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (MSI)

O4 - HKU\S-1-5-21-542760868-277710334-883578566-1000..\Run: [RocketDock] D:\Install\RocketDock\RocketDock.exe ()

O4 - HKU\S-1-5-21-542760868-277710334-883578566-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-542760868-277710334-883578566-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-542760868-277710334-883578566-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-542760868-277710334-883578566-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-542760868-277710334-883578566-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-542760868-277710334-883578566-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.101.119.223 129.101.119.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE1ED0A2-19E3-45F2-9F5F-8AC41002F26B}: DhcpNameServer = 129.101.119.223 129.101.119.220

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 12:39:15 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Corn-shits\Desktop\OTL.exe

[2012/02/24 09:46:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/02/24 09:44:22 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/02/23 12:32:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/02/23 12:32:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/02/23 12:32:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/02/23 12:32:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/02/23 12:32:08 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/02/23 09:46:43 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Corn-shits\Desktop\tdsskiller.exe

[2012/02/22 20:55:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Corn-shits\Desktop\dds.scr

[2012/02/22 19:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/02/22 18:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InterLok

[2012/02/22 18:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digidesign

[2012/02/22 18:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Digidesign

[2012/02/22 18:07:07 | 002,558,716 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysWow64\dgfwdio.dll

[2012/02/22 18:07:07 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll

[2012/02/22 18:07:07 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71u.dll

[2012/02/22 18:07:07 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll

[2012/02/22 18:07:07 | 000,836,096 | ---- | C] (PACE Anti-Piracy) -- C:\Windows\SysWow64\ilinet.dll

[2012/02/22 18:07:07 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll

[2012/02/22 18:07:07 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll

[2012/02/22 18:07:07 | 000,335,872 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysWow64\digiasio.dll

[2012/02/22 18:07:07 | 000,180,224 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysWow64\Digi32.dll

[2012/02/22 18:07:07 | 000,155,648 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysWow64\Diomidi.DLL

[2012/02/22 18:07:07 | 000,139,792 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysNative\drivers\Dalwdm.sys

[2012/02/22 18:07:07 | 000,090,112 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\SysWow64\WinMMFix.dll

[2012/02/22 18:07:07 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl71.dll

[2012/02/22 18:07:07 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71DEU.DLL

[2012/02/22 18:07:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ITA.DLL

[2012/02/22 18:07:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71FRA.DLL

[2012/02/22 18:07:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ESP.DLL

[2012/02/22 18:07:07 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ENU.DLL

[2012/02/22 18:07:07 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71KOR.DLL

[2012/02/22 18:07:07 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71JPN.DLL

[2012/02/22 18:07:07 | 000,045,568 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysWow64\mbx2midu.dll

[2012/02/22 18:07:07 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHT.DLL

[2012/02/22 18:07:07 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHS.DLL

[2012/02/22 18:07:07 | 000,038,928 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysWow64\drivers\dgfwboot.sys

[2012/02/22 18:07:07 | 000,032,400 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysNative\drivers\mbx2midk.sys

[2012/02/22 18:07:07 | 000,031,120 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysNative\drivers\mbx2dfu.sys

[2012/02/22 18:07:07 | 000,021,520 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysNative\drivers\diginet.sys

[2012/02/22 18:07:07 | 000,014,848 | ---- | C] (Avid, Inc. All rights reserved.) -- C:\Windows\SysWow64\digicoin.dll

[2012/02/22 18:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digidesign

[2012/02/21 17:37:02 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2012/02/21 09:46:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx

[2012/02/21 09:45:50 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\RIFT

[2012/02/21 09:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT

[2012/02/18 13:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX

[2012/02/18 13:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\reFX

[2012/02/18 13:39:52 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\SynthMaker

[2012/02/18 13:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign

[2012/02/18 13:31:53 | 002,440,704 | ---- | C] (AD © 2010) -- C:\Windows\SysWow64\SYNSOEMU.DLL

[2012/02/16 12:45:31 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll

[2012/02/16 12:45:31 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe

[2012/02/16 12:45:31 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe

[2012/02/16 12:45:31 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

[2012/02/16 12:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/02/16 10:24:44 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Malwarebytes

[2012/02/16 10:24:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/02/16 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/16 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/14 19:11:00 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012/02/14 19:11:00 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012/02/14 19:11:00 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012/02/14 19:10:56 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2012/02/14 19:10:54 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/02/14 19:10:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/02/14 19:10:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/02/14 19:10:54 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/02/14 19:10:54 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/02/14 19:10:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/02/14 19:10:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/02/13 12:18:52 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

[2012/02/13 12:18:52 | 000,000,000 | ---D | C] -- C:\Windows\_ISTMP1.DIR

[2012/02/13 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\Desktop\New folder

[2012/02/11 21:33:45 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2012/02/11 21:26:47 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOSS

[2012/02/11 21:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BOSS

[2012/02/11 15:15:37 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\Documents\Nexus Mod Manager

[2012/02/11 15:15:37 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Local\Black_Tree_Gaming

[2012/02/11 15:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager

[2012/02/11 02:11:01 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\GRETECH

[2012/02/11 01:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player

[2012/02/11 01:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH

[2012/02/10 15:04:16 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Image-Line

[2012/02/10 15:01:18 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Deckadance19

[2012/02/10 15:01:07 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\SongManager

[2012/02/10 14:38:02 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll

[2012/02/10 14:38:02 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll

[2012/02/10 14:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software

[2012/02/10 14:31:50 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Propellerhead Software

[2012/02/10 14:26:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2012/02/10 14:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead

[2012/02/10 11:58:48 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2

[2012/02/10 11:57:39 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\Documents\Image-Line

[2012/02/10 11:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line

[2012/02/10 11:57:30 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm

[2012/02/10 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

[2012/02/10 11:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line

[2012/02/10 11:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim

[2012/02/10 11:55:55 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\MMFApplications

[2012/02/07 22:46:37 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Local\Adobe

[2012/02/07 22:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/02/07 22:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012/02/07 22:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2012/02/07 14:51:27 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Guitar Pro 6

[2012/02/07 14:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6

[2012/02/06 08:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock

[2012/02/06 02:27:19 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\AVG2012

[2012/02/06 02:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012

[2012/02/06 02:26:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG

[2012/02/06 02:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

[2012/02/06 02:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG

[2012/02/06 02:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2012/02/06 02:22:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/02/06 02:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/02/04 19:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2012/02/03 13:09:20 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\Documents\WB Games

[2012/02/03 13:04:53 | 000,000,000 | ---D | C] -- C:\Riot Games

[2012/02/03 13:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

[2012/02/03 12:52:29 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Local\Downloaded Installations

[2012/02/03 12:51:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2012/02/03 12:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2012/02/03 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2012/02/03 02:14:25 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Local\Skyrim

[2012/02/03 02:14:25 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\Documents\My Games

[2012/02/03 02:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911

[2012/02/02 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Local\Logitech® Webcam Software

[2012/02/02 16:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd

[2012/02/02 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Leadertech

[2012/02/02 16:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech

[2012/02/02 16:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS

[2012/02/02 16:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2012/02/02 16:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech

[2012/02/02 16:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd

[2012/02/02 16:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd

[2012/02/02 15:42:11 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\NVIDIA

[2012/02/02 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

[2012/02/02 15:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/02/02 15:34:06 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll

[2012/02/02 15:34:06 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys

[2012/02/02 15:34:06 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll

[2012/02/02 15:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2012/02/02 15:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation

[2012/02/02 15:33:22 | 010,406,208 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2012/02/02 15:33:22 | 005,067,584 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2012/02/02 15:33:22 | 003,074,368 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2012/02/02 15:33:22 | 000,837,952 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll

[2012/02/02 15:33:22 | 000,222,528 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2012/02/02 15:33:22 | 000,137,536 | R--- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

[2012/02/02 15:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2012/02/02 15:33:15 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll

[2012/02/02 15:33:15 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll

[2012/02/02 15:32:53 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012/02/02 15:32:53 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012/02/02 15:32:52 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2012/02/02 15:32:52 | 007,042,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2012/02/02 15:32:51 | 024,743,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2012/02/02 15:32:50 | 018,872,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2012/02/02 15:32:46 | 015,694,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2012/02/02 15:32:44 | 013,205,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2012/02/02 15:32:44 | 002,543,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2012/02/02 15:32:44 | 002,401,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2012/02/02 15:32:43 | 005,581,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2012/02/02 15:32:43 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2012/02/02 15:32:43 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2012/02/02 15:32:42 | 007,585,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2012/02/02 15:32:40 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2012/02/02 15:32:38 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2012/02/02 15:32:38 | 002,808,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2012/02/02 15:32:38 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2012/02/02 15:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2012/02/02 13:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes

[2012/02/02 13:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes

[2012/02/02 03:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/02/02 03:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/02/02 03:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/02/02 03:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/02/02 03:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/02/01 16:19:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2012/02/01 16:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012/02/01 16:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012/01/29 16:32:24 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Roaming\Skype

[2012/01/29 16:32:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/01/29 16:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/01/29 16:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012/01/26 23:53:29 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll

[2012/01/26 23:53:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll

[2012/01/26 23:53:29 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll

[2012/01/26 23:53:29 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2012/01/26 23:53:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll

[2012/01/26 23:53:29 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll

[2012/01/26 23:53:29 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2012/01/26 23:53:29 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll

[2012/01/26 23:53:29 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll

[2012/01/26 23:53:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll

[2012/01/26 23:53:28 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll

[2012/01/26 23:53:28 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2012/01/26 23:53:28 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll

[2012/01/26 23:53:28 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll

[2012/01/26 23:53:28 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2012/01/26 23:53:28 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2012/01/26 23:53:28 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll

[2012/01/26 23:53:28 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll

[2012/01/26 23:53:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll

[2012/01/26 23:53:28 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll

[2012/01/26 23:53:28 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll

[2012/01/26 23:53:28 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll

[2012/01/26 23:53:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll

[2012/01/26 23:53:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll

[2012/01/26 23:53:27 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll

[2012/01/26 23:53:27 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll

[2012/01/26 23:53:26 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll

[2012/01/26 23:53:26 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll

[2012/01/26 23:53:26 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll

[2012/01/26 23:53:26 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll

[2012/01/26 23:53:26 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll

[2012/01/26 23:53:26 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll

[2012/01/26 23:53:25 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll

[2012/01/26 23:53:25 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll

[2012/01/26 23:53:25 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll

[2012/01/26 23:53:25 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll

[2012/01/26 23:53:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll

[2012/01/26 23:53:25 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll

[2012/01/26 23:53:25 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll

[2012/01/26 23:53:25 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll

[2012/01/26 23:53:25 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll

[2012/01/26 23:53:25 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll

[2012/01/26 23:53:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll

[2012/01/26 23:53:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll

[2012/01/26 23:53:25 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll

[2012/01/26 23:53:25 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll

[2012/01/26 23:53:25 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll

[2012/01/26 23:53:25 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll

[2012/01/26 23:53:25 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll

[2012/01/26 23:53:25 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll

[2012/01/26 23:53:25 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll

[2012/01/26 23:53:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll

[2012/01/26 23:53:24 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2012/01/26 23:53:24 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2012/01/26 23:53:24 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2012/01/26 23:53:24 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2012/01/26 23:53:24 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2012/01/26 23:53:24 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll

[2012/01/26 23:53:24 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll

[2012/01/26 23:53:24 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll

[2012/01/26 23:53:24 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2012/01/26 23:53:24 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll

[2012/01/26 23:53:24 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll

[2012/01/26 23:53:24 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll

[2012/01/26 23:53:24 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll

[2012/01/26 23:53:24 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll

[2012/01/26 23:53:24 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll

[2012/01/26 23:53:24 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll

[2012/01/26 23:53:23 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll

[2012/01/26 23:53:23 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll

[2012/01/26 23:53:23 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll

[2012/01/26 23:53:23 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll

[2012/01/26 23:53:23 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll

[2012/01/26 23:53:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll

[2012/01/26 23:53:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll

[2012/01/26 23:53:23 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll

[2012/01/26 23:53:23 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll

[2012/01/26 23:53:23 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll

[2012/01/26 23:53:23 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll

[2012/01/26 23:53:23 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll

[2012/01/26 23:53:23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll

[2012/01/26 23:53:22 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll

[2012/01/26 23:53:22 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll

[2012/01/26 23:53:22 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll

[2012/01/26 23:53:22 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll

[2012/01/26 23:53:22 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll

[2012/01/26 23:53:22 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll

[2012/01/26 23:53:22 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll

[2012/01/26 23:53:22 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll

[2012/01/26 23:53:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll

[2012/01/26 23:53:22 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll

[2012/01/26 23:53:21 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll

[2012/01/26 23:53:21 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll

[2012/01/26 23:53:21 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll

[2012/01/26 23:53:21 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll

[2012/01/26 23:53:21 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll

[2012/01/26 23:53:21 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll

[2012/01/26 23:53:21 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll

[2012/01/26 23:53:21 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll

[2012/01/26 23:53:21 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll

[2012/01/26 23:53:21 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll

[2012/01/26 23:53:20 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll

[2012/01/26 23:53:20 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll

[2012/01/26 23:53:20 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll

[2012/01/26 23:53:20 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll

[2012/01/26 23:53:20 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll

[2012/01/26 23:53:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll

[2012/01/26 23:53:19 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll

[2012/01/26 23:53:19 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll

[2012/01/26 23:53:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll

[2012/01/26 23:53:19 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll

[2012/01/26 23:53:19 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll

[2012/01/26 23:53:19 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll

[2012/01/26 23:53:19 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll

[2012/01/26 23:53:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll

[2012/01/26 23:53:19 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll

[2012/01/26 23:53:19 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll

[2012/01/26 23:53:19 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll

[2012/01/26 23:53:19 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll

[2012/01/26 23:53:19 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll

[2012/01/26 23:53:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll

[2012/01/26 23:53:19 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll

[2012/01/26 23:53:19 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll

[2012/01/26 23:53:19 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll

[2012/01/26 23:53:19 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll

[2012/01/26 23:53:19 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll

[2012/01/26 23:53:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll

[2012/01/26 23:53:19 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll

[2012/01/26 23:53:19 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll

[2012/01/26 23:53:19 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll

[2012/01/26 23:53:19 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll

[2012/01/26 23:53:19 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll

[2012/01/26 23:53:19 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll

[2012/01/26 23:53:18 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll

[2012/01/26 23:53:18 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll

[2012/01/26 23:53:18 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll

[2012/01/26 23:53:18 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll

[2012/01/26 23:53:18 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll

[2012/01/26 23:53:18 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll

[2012/01/26 23:53:18 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll

[2012/01/26 23:53:18 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll

[2012/01/26 23:53:18 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll

[2012/01/26 23:53:18 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll

[2012/01/26 23:53:17 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll

[2012/01/26 23:53:17 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll

[2012/01/26 23:53:17 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll

[2012/01/26 23:53:17 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll

[2012/01/26 23:53:17 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll

[2012/01/26 23:53:17 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll

[2012/01/26 23:53:17 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll

[2012/01/26 23:53:17 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll

[2012/01/26 23:53:17 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll

[2012/01/26 23:53:17 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll

[2012/01/26 23:53:17 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll

[2012/01/26 23:53:17 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll

[2012/01/26 23:53:17 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll

[2012/01/26 23:53:17 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll

[2012/01/26 23:53:17 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll

[2012/01/26 23:53:17 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll

[2012/01/26 23:53:15 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll

[2012/01/26 23:53:15 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll

[2012/01/26 23:53:15 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll

[2012/01/26 23:53:15 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll

[2012/01/26 23:53:15 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll

[2012/01/26 23:53:15 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll

[2012/01/26 23:53:15 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll

[2012/01/26 23:53:15 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll

[2012/01/26 23:53:15 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll

[2012/01/26 23:53:15 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll

[2012/01/26 23:53:15 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll

[2012/01/26 23:53:15 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll

[2012/01/26 23:53:14 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll

[2012/01/26 23:53:14 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll

[2012/01/26 23:53:14 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll

[2012/01/26 23:53:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll

[2012/01/26 23:53:14 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll

[2012/01/26 23:53:14 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll

[2012/01/26 22:20:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/01/25 13:53:41 | 000,000,000 | ---D | C] -- C:\Users\Corn-shits\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2012/02/24 12:43:22 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\deck.ini

[2012/02/24 12:39:05 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Corn-shits\Desktop\OTL.exe

[2012/02/24 12:30:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-542760868-277710334-883578566-1000UA.job

[2012/02/24 11:58:38 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/24 11:58:38 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/24 11:54:43 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/24 11:54:43 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/24 11:54:43 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/24 11:48:35 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2012/02/24 11:48:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/24 11:48:16 | 2126,143,487 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/24 10:22:43 | 000,302,592 | ---- | M] () -- C:\Users\Corn-shits\Desktop\h154d4un.exe

[2012/02/24 10:21:59 | 000,302,592 | ---- | M] () -- C:\Users\Corn-shits\Desktop\fue24dpe.exe

[2012/02/24 09:45:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/02/24 08:28:54 | 089,952,282 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/02/23 20:30:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-542760868-277710334-883578566-1000Core.job

[2012/02/23 09:46:38 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Corn-shits\Desktop\tdsskiller.exe

[2012/02/22 20:55:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Corn-shits\Desktop\dds.scr

[2012/02/22 18:16:09 | 000,084,534 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/02/21 15:49:31 | 000,053,795 | ---- | M] () -- C:\Users\Corn-shits\.recently-used.xbel

[2012/02/21 09:46:18 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Play RIFT.lnk

[2012/02/21 08:07:52 | 000,307,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/02/16 12:45:23 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll

[2012/02/16 12:45:23 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe

[2012/02/16 12:45:23 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe

[2012/02/16 12:45:23 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

[2012/02/16 10:24:41 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/13 12:23:14 | 000,000,305 | ---- | M] () -- C:\Windows\RECMGRUN.INI

[2012/02/11 15:15:33 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk

[2012/02/11 01:59:03 | 000,001,175 | ---- | M] () -- C:\Users\Corn-shits\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

[2012/02/10 14:38:02 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll

[2012/02/10 14:38:02 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll

[2012/02/10 14:29:46 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\checkOS.bat

[2012/02/10 11:55:55 | 000,689,492 | ---- | M] ( ) -- C:\Windows\SysWow64\adbcnsl.exe

[2012/02/06 02:26:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2012/02/06 02:26:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2012/02/02 00:57:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012/02/01 18:25:22 | 000,000,727 | ---- | M] () -- C:\Users\Corn-shits\Desktop\Stuff & Things.lnk

[2012/02/01 18:25:22 | 000,000,653 | ---- | M] () -- C:\Users\Corn-shits\Desktop\Images.lnk

[2012/02/01 18:25:22 | 000,000,642 | ---- | M] () -- C:\Users\Corn-shits\Desktop\Music.lnk

[2012/02/01 18:25:22 | 000,000,642 | ---- | M] () -- C:\Users\Corn-shits\Desktop\Games.lnk

[2012/02/01 18:25:02 | 000,000,458 | ---- | M] () -- C:\Users\Corn-shits\Desktop\Everything.lnk

========== Files Created - No Company Name ==========

[2012/02/24 10:22:56 | 000,302,592 | ---- | C] () -- C:\Users\Corn-shits\Desktop\h154d4un.exe

[2012/02/24 10:21:56 | 000,302,592 | ---- | C] () -- C:\Users\Corn-shits\Desktop\fue24dpe.exe

[2012/02/24 08:28:54 | 089,952,282 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/02/23 12:32:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/02/23 12:32:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/02/23 12:32:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/02/23 12:32:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/02/23 12:32:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/02/22 18:16:09 | 000,084,534 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/02/22 18:07:07 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll

[2012/02/21 15:49:31 | 000,053,795 | ---- | C] () -- C:\Users\Corn-shits\.recently-used.xbel

[2012/02/21 09:46:18 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk

[2012/02/16 10:24:41 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/13 12:23:14 | 000,000,765 | ---- | C] () -- C:\Windows\ONFORMAT.INI

[2012/02/13 12:23:14 | 000,000,305 | ---- | C] () -- C:\Windows\RECMGRUN.INI

[2012/02/13 12:18:54 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI

[2012/02/11 15:15:33 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk

[2012/02/11 01:59:03 | 000,001,175 | ---- | C] () -- C:\Users\Corn-shits\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

[2012/02/10 14:30:21 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\deck.ini

[2012/02/10 14:29:46 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\checkOS.bat

[2012/02/10 11:55:55 | 000,689,492 | ---- | C] ( ) -- C:\Windows\SysWow64\adbcnsl.exe

[2012/02/07 22:45:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012/02/06 02:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2012/02/06 02:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2012/02/03 12:50:59 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk

[2012/02/02 15:39:22 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\rtvcvfw32.dll

[2012/02/02 15:33:15 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2012/02/02 00:57:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012/02/01 18:25:24 | 000,000,727 | ---- | C] () -- C:\Users\Corn-shits\Desktop\Stuff & Things.lnk

[2012/02/01 18:25:24 | 000,000,653 | ---- | C] () -- C:\Users\Corn-shits\Desktop\Images.lnk

[2012/02/01 18:25:24 | 000,000,642 | ---- | C] () -- C:\Users\Corn-shits\Desktop\Music.lnk

[2012/02/01 18:25:24 | 000,000,642 | ---- | C] () -- C:\Users\Corn-shits\Desktop\Games.lnk

[2012/02/01 18:25:02 | 000,000,458 | ---- | C] () -- C:\Users\Corn-shits\Desktop\Everything.lnk

[2012/01/17 15:26:36 | 000,109,016 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/01/12 11:31:54 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012/01/12 11:31:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/01/12 11:31:54 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/01/12 11:31:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012/01/12 11:31:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011/12/15 05:23:04 | 010,920,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2011/12/15 05:23:04 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2011/12/15 05:23:04 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2011/10/20 04:26:12 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

< End of report >

OTL Extras logfile created on: 2/24/2012 12:40:15 PM - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Corn-shits\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.39% Memory free

15.95 Gb Paging File | 14.09 Gb Available in Paging File | 88.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 54.90 Gb Total Space | 14.94 Gb Free Space | 27.21% Space Free | Partition Type: NTFS

Drive D: | 876.41 Gb Total Space | 760.33 Gb Free Space | 86.76% Space Free | Partition Type: NTFS

Drive F: | 931.51 Gb Total Space | 254.33 Gb Free Space | 27.30% Space Free | Partition Type: NTFS

Computer Name: CORN-SHITS-PC | User Name: Corn-shits | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64

"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java 6 Update 31 (64-bit)

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.66

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.66

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.66

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.66

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012

"{DFE96CF0-A611-40C4-AE24-2E4C21E3FF3E}" = Digidesign ElevenRack Driver 1.0.8 (x64)

"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager

"AVG" = AVG 2012

"A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 8.0.3

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Afterburner" = MSI Afterburner 2.1.0

"ASIO4ALL" = ASIO4ALL

"BOSS" = BOSS

"Deckadance" = Deckadance

"DirectWave" = DirectWave

"FL Studio 10" = FL Studio 10

"Glary Utilities_is1" = Glary Utilities 2.41.0.1358

"GOM Player" = GOM Player

"IL Autogun" = IL Autogun

"IL Download Manager" = IL Download Manager

"IL Juice Pack" = IL Juice Pack

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"MagniDriver" = marvell 91xx driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Reason5_is1" = Reason 5.0

"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0

"RocketDock_is1" = RocketDock 1.3.5

"Steam App 22350" = Brink

"Steam App 440" = Team Fortress 2

"Steam App 57400" = Batman: Arkham City™

"uTorrent" = µTorrent

"VAIOSoft Recovery Manager" = VAIOSoft Recovery Manager

"VirtualCloneDrive" = VirtualCloneDrive

"WinGimp-2.0_is1" = GIMP 2.6.11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-542760868-277710334-883578566-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/23/2012 4:23:05 AM | Computer Name = Corn-shits-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary 73788081. System Error: The system cannot find the file specified. .

Error - 2/23/2012 4:23:05 AM | Computer Name = Corn-shits-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary 8877394drv. System Error: The system cannot find the file specified. .

Error - 2/23/2012 1:45:37 PM | Computer Name = Corn-shits-PC | Source = WinMgmt | ID = 10

Description =

Error - 2/23/2012 4:38:44 PM | Computer Name = Corn-shits-PC | Source = WinMgmt | ID = 10

Description =

Error - 2/23/2012 6:58:10 PM | Computer Name = Corn-shits-PC | Source = WinMgmt | ID = 10

Description =

Error - 2/23/2012 11:41:18 PM | Computer Name = Corn-shits-PC | Source = WinMgmt | ID = 10

Description =

Error - 2/24/2012 12:23:54 PM | Computer Name = Corn-shits-PC | Source = WinMgmt | ID = 10

Description =

Error - 2/24/2012 12:32:11 PM | Computer Name = Corn-shits-PC | Source = WinMgmt | ID = 10

Description =

Error - 2/24/2012 1:47:07 PM | Computer Name = Corn-shits-PC | Source = WinMgmt | ID = 10

Description =

Error - 2/24/2012 3:49:54 PM | Computer Name = Corn-shits-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 2/24/2012 1:46:06 PM | Computer Name = Corn-shits-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe

Licensing Console service to connect.

Error - 2/24/2012 1:46:06 PM | Computer Name = Corn-shits-PC | Source = Service Control Manager | ID = 7000

Description = The Adobe Licensing Console service failed to start due to the following

error: %%1053

Error - 2/24/2012 1:46:07 PM | Computer Name = Corn-shits-PC | Source = Service Control Manager | ID = 7023

Description = The Windows Defender service terminated with the following error:

%%126

Error - 2/24/2012 2:23:10 PM | Computer Name = Corn-shits-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/24/2012 3:38:36 PM | Computer Name = Corn-shits-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/24/2012 3:39:53 PM | Computer Name = Corn-shits-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/24/2012 3:45:27 PM | Computer Name = Corn-shits-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/24/2012 3:47:54 PM | Computer Name = Corn-shits-PC | Source = Application Popup | ID = 262200

Description = Driver PCI returned invalid ID for a child device (FFFFFFFFFFFFFFFF00).

Error - 2/24/2012 3:48:48 PM | Computer Name = Corn-shits-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe

Licensing Console service to connect.

Error - 2/24/2012 3:48:48 PM | Computer Name = Corn-shits-PC | Source = Service Control Manager | ID = 7000

Description = The Adobe Licensing Console service failed to start due to the following

error: %%1053

< End of report >


Hi again,

OTL FIX

------------

We need to run an OTL Fix.

  1. Please reopen OTL on your desktop.
  2. Copy and paste the following code into the Custom Scans/Fixes textbox.

    :otl
    [2012/02/24 12:43:22 | 000,000,032 | ---- | M] () -- C:\Windows\SysWow64\deck.ini

    :files
    C:\Windows\temp\mrt61CE.tmp\stdrt.exe

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.

After this, rerun ComboFix and post me the log.


All processes killed

========== OTL ==========

C:\Windows\SysWOW64\deck.ini moved successfully.

========== FILES ==========

C:\Windows\temp\mrt61CE.tmp\stdrt.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Corn-shits

->Temp folder emptied: 3261451 bytes

->Temporary Internet Files folder emptied: 3175973 bytes

->Java cache emptied: 3281262 bytes

->Google Chrome cache emptied: 254019397 bytes

->Flash cache emptied: 23797 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2451876 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 429 bytes

Total Files Cleaned = 254.00 mb

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_132312

Files\Folders moved on Reboot...

C:\Users\Corn-shits\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


So I had the OTL report in the text box but I started running Combofix and it sort of exited out of my browser... I don't know how to get it back.

ComboFix 12-02-23.01 - Corn-shits 02/24/2012 13:27:11.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8165.6750 [GMT -8:00]

Running from: c:\users\Corn-shits\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))

.

.

2012-02-24 21:31 . 2012-02-24 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-24 21:23 . 2012-02-24 21:23 -------- d-----w- C:\_OTL

2012-02-23 03:47 . 2012-02-23 03:47 -------- d-----w- c:\programdata\Kaspersky Lab

2012-02-23 02:10 . 2012-02-23 02:10 -------- d-----w- c:\program files (x86)\InterLok

2012-02-21 17:45 . 2012-02-21 18:07 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\RIFT

2012-02-18 21:41 . 2012-02-18 21:41 -------- d-----w- c:\program files (x86)\Common Files\reFX

2012-02-18 21:39 . 2012-02-18 21:39 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\SynthMaker

2012-02-18 21:34 . 2012-02-23 02:07 -------- d-----w- c:\program files (x86)\Common Files\Digidesign

2012-02-18 21:31 . 2010-01-17 07:27 2440704 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL

2012-02-16 20:45 . 2012-02-16 20:45 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-16 20:45 . 2012-02-16 20:45 -------- d-----w- c:\program files\Java

2012-02-16 18:24 . 2012-02-16 18:24 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\Malwarebytes

2012-02-16 18:24 . 2012-02-23 03:19 -------- d-----w- c:\programdata\Malwarebytes

2012-02-16 18:24 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-15 03:11 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 03:11 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 03:11 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 03:11 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-13 20:18 . 2012-02-13 20:23 -------- d-----w- c:\windows\_ISTMP1.DIR

2012-02-13 20:18 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe

2012-02-12 05:33 . 2012-02-12 05:33 -------- d-----w- C:\NVIDIA

2012-02-12 05:26 . 2012-02-12 05:26 -------- d-----w- c:\program files (x86)\Common Files\BOSS

2012-02-11 23:15 . 2012-02-11 23:15 -------- d-----w- c:\users\Corn-shits\AppData\Local\Black_Tree_Gaming

2012-02-11 10:11 . 2012-02-11 10:11 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\GRETECH

2012-02-11 09:58 . 2012-02-11 09:58 -------- d-----w- c:\program files (x86)\GRETECH

2012-02-10 23:04 . 2012-02-10 23:04 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\Image-Line

2012-02-10 23:01 . 2012-02-10 23:01 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\Deckadance19

2012-02-10 23:01 . 2012-02-10 23:01 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\SongManager

2012-02-10 22:38 . 2012-02-10 22:38 406528 ----a-w- c:\windows\SysWow64\ReWire.dll

2012-02-10 22:38 . 2012-02-10 22:38 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll

2012-02-10 22:31 . 2012-02-10 22:38 -------- d-----w- c:\programdata\Propellerhead Software

2012-02-10 22:31 . 2012-02-10 22:40 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\Propellerhead Software

2012-02-10 22:29 . 2012-02-10 22:29 384 ----a-w- c:\windows\SysWow64\checkOS.bat

2012-02-10 22:26 . 2012-02-10 22:26 -------- d-----w- c:\windows\SysWow64\Macromed

2012-02-10 19:57 . 2012-02-10 22:59 -------- d-----w- c:\program files (x86)\Image-Line

2012-02-10 19:57 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm

2012-02-10 19:57 . 2012-02-10 19:57 -------- d-----w- c:\program files (x86)\Outsim

2012-02-10 19:55 . 2012-02-10 19:55 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\MMFApplications

2012-02-10 19:55 . 2012-02-10 19:55 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe

2012-02-08 06:46 . 2012-02-08 06:46 -------- d-----w- c:\users\Corn-shits\AppData\Local\Adobe

2012-02-08 06:45 . 2012-02-08 06:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-02-07 22:51 . 2012-02-23 03:22 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\Guitar Pro 6

2012-02-07 22:51 . 2012-02-07 22:51 -------- d-----w- c:\programdata\Guitar Pro 6

2012-02-06 10:27 . 2012-02-06 10:27 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\AVG2012

2012-02-06 10:26 . 2012-02-06 10:26 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-02-06 10:26 . 2012-02-24 16:28 -------- d-----w- c:\windows\system32\drivers\AVG

2012-02-06 10:26 . 2012-02-06 10:38 -------- d-----w- c:\programdata\AVG2012

2012-02-06 10:26 . 2012-02-06 10:26 -------- d-----w- c:\program files (x86)\AVG

2012-02-06 10:22 . 2012-02-06 10:22 -------- d--h--w- c:\programdata\Common Files

2012-02-06 10:21 . 2012-02-24 16:28 -------- d-----w- c:\programdata\MFAData

2012-02-05 03:21 . 2012-02-05 03:21 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2

2012-02-03 21:04 . 2012-02-03 21:04 -------- d-----w- C:\Riot Games

2012-02-03 20:52 . 2012-02-03 20:52 -------- d-----w- c:\users\Corn-shits\AppData\Local\Downloaded Installations

2012-02-03 20:51 . 2012-02-03 20:51 -------- d-----w- c:\windows\SysWow64\xlive

2012-02-03 20:51 . 2012-02-03 20:51 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2012-02-03 10:39 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD6D197-BF93-413E-89DE-ECA843CF71EF}\mpengine.dll

2012-02-03 10:14 . 2012-02-03 10:14 -------- d-----w- c:\users\Corn-shits\AppData\Local\Skyrim

2012-02-03 00:17 . 2012-02-03 00:17 -------- d-----w- c:\users\Corn-shits\AppData\Local\Logitech® Webcam Software

2012-02-03 00:15 . 2012-02-03 00:15 -------- d-----w- c:\programdata\LogiShrd

2012-02-03 00:14 . 2012-02-03 00:14 53248 ----a-r- c:\users\Corn-shits\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-02-03 00:14 . 2012-02-03 00:14 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\Leadertech

2012-02-03 00:14 . 2012-02-03 00:14 -------- d-----w- c:\programdata\Logitech

2012-02-03 00:14 . 2012-02-03 00:14 -------- d-----w- c:\program files (x86)\Common Files\LWS

2012-02-03 00:13 . 2012-02-23 04:29 -------- d-----w- c:\program files (x86)\Logitech

2012-02-03 00:09 . 2012-02-03 00:14 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2012-02-03 00:09 . 2012-02-03 00:14 -------- d-----w- c:\program files\Common Files\logishrd

2012-02-02 23:42 . 2012-02-03 21:09 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\NVIDIA

2012-02-02 23:39 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll

2012-02-02 23:34 . 2012-02-02 23:34 -------- d-----w- c:\users\UpdatusUser

2012-02-02 23:34 . 2011-07-07 20:51 29288 ----a-w- c:\windows\system32\nvhdap64.dll

2012-02-02 23:34 . 2011-07-07 20:51 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-02-02 23:34 . 2011-07-07 20:51 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll

2012-02-02 23:33 . 2012-02-24 21:32 -------- d-----w- c:\programdata\NVIDIA

2012-02-02 23:33 . 2012-02-02 23:34 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-02-02 23:33 . 2011-10-20 09:50 837952 ----a-r- c:\windows\system32\easyupdatusapiu64.dll

2012-02-02 23:33 . 2011-10-20 09:50 5067584 ----a-r- c:\windows\system32\nvsvc64.dll

2012-02-02 23:33 . 2011-10-20 09:50 3074368 ----a-r- c:\windows\system32\nvsvcr.dll

2012-02-02 23:33 . 2011-10-20 09:50 222528 ----a-r- c:\windows\system32\nvmctray.dll

2012-02-02 23:33 . 2011-10-20 09:50 1640768 ----a-r- c:\windows\system32\nvvsvc.exe

2012-02-02 23:33 . 2011-10-20 09:50 137536 ----a-r- c:\windows\system32\nvshext.dll

2012-02-02 23:33 . 2011-10-20 09:50 10406208 ----a-r- c:\windows\system32\nvcpl.dll

2012-02-02 23:33 . 2012-02-02 23:33 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-02-02 23:33 . 2011-10-20 09:50 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2012-02-02 23:33 . 2011-10-20 09:50 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2012-02-02 21:07 . 2012-02-02 21:07 -------- d-----w- c:\program files (x86)\Elaborate Bytes

2012-02-02 11:24 . 2012-02-02 11:24 -------- d-----w- c:\program files\iTunes

2012-02-02 11:24 . 2012-02-02 11:24 -------- d-----w- c:\program files (x86)\iTunes

2012-02-02 11:24 . 2012-02-02 11:24 -------- d-----w- c:\program files\iPod

2012-02-02 11:23 . 2012-02-02 11:23 -------- d-----w- c:\program files\Common Files\Apple

2012-02-02 00:19 . 2012-02-13 20:11 -------- d-----w- c:\windows\system32\appmgmt

2012-02-02 00:04 . 2012-02-02 00:04 -------- d-----w- c:\program files\7-Zip

2012-01-30 00:32 . 2012-02-21 07:40 -------- d-----w- c:\users\Corn-shits\AppData\Roaming\Skype

2012-01-30 00:32 . 2012-01-30 00:33 -------- d-----r- c:\program files (x86)\Skype

2012-01-30 00:32 . 2012-01-30 00:32 -------- d-----w- c:\programdata\Skype

2012-01-27 06:20 . 2012-01-27 06:20 -------- d-----w- c:\windows\Sun

2012-01-25 21:53 . 2012-02-21 21:21 -------- d-----w- c:\users\Corn-shits\AppData\Local\ElevatedDiagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 21:12 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2012-02-03 21:12 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-01-27 08:52 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-18 05:37 . 2012-01-18 05:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-12-15 13:23 . 2011-12-15 13:23 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll

2011-12-15 13:23 . 2011-12-15 13:23 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll

2011-12-15 13:23 . 2011-12-15 13:23 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll

2011-12-15 13:23 . 2011-12-15 13:23 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll

2011-12-15 13:23 . 2011-12-15 13:23 336408 ----a-w- c:\windows\system32\DevManagerCore.dll

2011-12-15 13:23 . 2011-12-15 13:23 10920472 ----a-w- c:\windows\SysWow64\LogiDPP.dll

2011-12-15 13:23 . 2011-12-15 13:23 10920472 ----a-w- c:\windows\system32\LogiDPP.dll

2011-12-15 13:23 . 2011-12-15 13:23 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe

2011-12-15 13:23 . 2011-12-15 13:23 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe

2011-12-15 13:15 . 2011-12-15 13:15 769312 ----a-w- c:\windows\system32\LVUI64.dll

2011-12-15 13:15 . 2011-12-15 13:15 561440 ----a-w- c:\windows\system32\LVUIRC64.dll

2011-12-15 13:15 . 2011-12-15 13:15 4862368 ----a-w- c:\windows\system32\drivers\lvuvc64.sys

2011-12-15 13:15 . 2011-12-15 13:15 351392 ----a-w- c:\windows\system32\drivers\lvrs64.sys

2011-12-15 13:15 . 2011-12-15 13:15 263456 ----a-w- c:\windows\system32\lvco1340840.dll

2011-12-15 13:15 . 2011-12-15 13:15 176416 ----a-w- c:\windows\system32\lvcod64.dll

2011-12-15 13:08 . 2011-12-15 13:08 38958 ----a-w- c:\windows\system32\Repository.reg

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-23_20.37.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-24 21:23 . 2012-02-24 21:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022420120225\index.dat

+ 2009-07-14 04:54 . 2012-02-24 21:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-23 20:37 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-02-14 17:49 . 2012-02-24 20:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2012-02-14 17:49 . 2012-02-23 17:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2010-11-21 03:09 . 2012-02-24 21:26 37702 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-24 21:26 32106 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-12 19:30 . 2012-02-24 21:26 11100 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-542760868-277710334-883578566-1000_UserData.bin

- 2012-01-12 18:51 . 2012-02-23 17:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-12 18:51 . 2012-02-24 21:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-12 18:51 . 2012-02-24 21:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-01-12 18:51 . 2012-02-23 17:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-24 21:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-23 17:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:46 . 2012-02-23 04:38 89504 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2012-02-24 16:38 89504 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-01-12 19:46 . 2012-02-23 20:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-12 19:46 . 2012-02-24 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-12 19:46 . 2012-02-24 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-01-12 19:46 . 2012-02-23 20:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-02-24 21:32 . 2012-02-24 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-23 20:37 . 2012-02-23 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-24 21:32 . 2012-02-24 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-24 21:32 . 2012-02-24 21:32 372736 c:\windows\temp\mrt5F7D.tmp\stdrt.exe

+ 2012-02-24 21:32 . 2012-02-24 21:32 307200 c:\windows\temp\mrt5F7D.tmp\mmfs2.dll

+ 2012-02-16 21:12 . 2012-02-24 21:18 382387 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\MMFApplications\msdc1.dll

+ 2012-02-11 17:46 . 2012-02-24 21:32 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-02-11 17:46 . 2012-02-23 20:37 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-02-24 21:32 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-02-23 20:37 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 02:36 . 2012-02-23 17:49 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-02-24 19:54 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-02-24 19:54 106316 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-02-23 17:49 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-02-24 21:31 280524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-02-23 20:36 280524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:54 . 2012-02-24 21:32 1146880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:45 . 2012-02-23 03:29 7091133 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-02-24 16:25 7091133 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-04-16 16:44 . 2011-04-16 16:44 2770944 c:\windows\Installer\f7b548.msi

+ 2011-04-16 08:14 . 2011-04-16 08:14 3186176 c:\windows\Installer\f7b526.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="d:\install\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BootStartBRC"="c:\program files (x86)\MSI\BiosRomCheck\BootStartBiosRomCheck.exe" [2011-06-27 319488]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-07-07 303104]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-12-19 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"wave7"=Digi32.dll

"MIDI8"=diomidi.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-02-10 689492]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-20 2253120]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-07-06 2656536]

R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]

R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-07-13 14136]

R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib_X64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]

S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 381248]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]

S3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [x]

S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-24 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-20 00:09]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542760868-277710334-883578566-1000Core.job

- c:\users\Corn-shits\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 00:20]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542760868-277710334-883578566-1000UA.job

- c:\users\Corn-shits\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 00:20]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-11 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-11 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-11 416024]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-09 7466600]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 129.101.119.223 129.101.119.220

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,5e,18,cc,07,89,38,41,9b,19,e6,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,5e,18,cc,07,89,38,41,9b,19,e6,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-02-24 13:33:55 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-24 21:33

ComboFix2.txt 2012-02-24 17:47

ComboFix3.txt 2012-02-23 20:39

.

Pre-Run: 16,313,659,392 bytes free

Post-Run: 16,202,731,520 bytes free

.

- - End Of File - - 601B69D1E99C674E72CB287F2B5D0074


  • 1 month later...
Guest
This topic is now closed to further replies.