Right after I got done playing a game the other day, the system started running slowly, and so I decided to run advanced system care to see if there were any registry problems. It eventually got stuck on Trojan.win32 agent. Computer then froze, and the bsod popped up, then proceeded to restart my computer.
Ever since then, the computer randomly freezes when I restart firefox, and the bsod pops up and restarts it again. I followed all of your instructions, and hope that you guys can help me out. Thanks in advance.
The logs are as follows:
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.06.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
ahmed :: AHMED-PC [administrator]
Protection: Enabled
2/6/2012 12:50:49 PM
mbam-log-2012-02-06 (12-50-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205092
Time elapsed: 12 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
*******************************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-06 13:12:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: q871qrr4.exe; Driver: C:\Users\ahmed\AppData\Local\Temp\pglorpow.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 855721E8
Device \Driver\atapi \Device\Ide\IdePort0 855721E8
Device \Driver\atapi \Device\Ide\IdePort1 855721E8
Device \Driver\atapi \Device\Ide\IdePort2 855721E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 855721E8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 855731E8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 855731E8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 855731E8
Device \Driver\aa6krfl8 \Device\Scsi\aa6krfl81 865961E8
Device \Driver\aa6krfl8 \Device\Scsi\aa6krfl81Port3Path0Target1Lun0 865961E8
Device \FileSystem\Ntfs \Ntfs 855761E8
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
Device \FileSystem\fastfat \Fat 8929C1E8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by ahmed at 13:14:40 on 2012-02-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1326 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 5\Asc.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgcfgex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=gppc&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110516&user_guid=C07A0CBAE6EA4DD182AC90EEA7A76F2F&machine_id=e1b3d200ca52f19b1aab1bfbf8c03c5f&browser=IE&os=win&os_version=6.1-x86-SP0
uInternet Settings,ProxyOverride = cdn;*.local
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\055425557494E4F4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\2456C6B696E6F5636666736336 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\2456C6B696E6F574F575962756C6563737F5249344640393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\34F677669637860275966496 : DhcpNameServer = 192.168.2.1 10.1.10.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\84F627375686561646 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\B40216E6460214 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4913C5BA-6905-49E2-AB6E-CC55EA162FF8} : DhcpNameServer = 66.174.92.14 66.174.95.44 8.8.8.8
TCP: Interfaces\{7AC1BC10-46E0-4813-B6FA-653093AA5599} : DhcpNameServer = 68.87.69.150 68.87.85.102
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: avgrsstx.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ahmed\appdata\roaming\mozilla\firefox\profiles\iitm3sox.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ahmed\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\ahmed\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2009-11-6 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-6 52872]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-12-5 15672]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-11-6 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-6 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-6 29712]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-6 243152]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-17 497496]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-9-20 2331544]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-5 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-5 2253120]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-6 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2009-11-6 122448]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2009-11-6 30288]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2009-11-6 20560]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-5 20464]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-12-4 139880]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-4 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-4 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1343400]
S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.21006\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [?]
S4 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-22 921952]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-17 112592]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
.
=============== Created Last 30 ================
.
2012-02-06 17:22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-06 17:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-06 16:33:05 -------- d-----w- c:\programdata\SecTaskMan
2012-02-06 16:31:10 -------- d-----w- c:\program files\Security Task Manager
2012-02-06 16:21:07 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaed03f3-7910-43f1-9986-d695be75b41d}\offreg.dll
2012-02-06 16:09:38 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b18543be-a806-420f-a48c-10662eec2876}\gapaengine.dll
2012-02-06 16:09:28 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaed03f3-7910-43f1-9986-d695be75b41d}\mpengine.dll
2012-02-06 16:06:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-06 16:06:25 -------- d-----w- C:\c67b696dacb13b001272d49d27b351
2012-02-06 02:46:03 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-02-06 02:33:00 -------- d-----w- C:\sh4ldr
2012-02-06 02:33:00 -------- d-----w- c:\program files\Enigma Software Group
2012-02-05 23:08:36 -------- d-----w- c:\users\ahmed\appdata\roaming\Malwarebytes
2012-02-05 23:08:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 23:08:26 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 23:08:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 22:48:15 -------- d-----w- C:\ERDNT
2012-02-05 22:48:12 -------- d-----w- c:\windows\ERUNT
2012-02-05 22:47:30 -------- d-----w- C:\!FixIEDef
2012-01-28 13:53:57 -------- d-----w- c:\users\ahmed\appdata\roaming\redsn0w
2012-01-28 12:51:49 -------- d-----w- C:\sn0wbreeze
2012-01-28 11:44:46 -------- d-----w- c:\program files\iTunes
2012-01-28 11:44:46 -------- d-----w- c:\program files\iPod
2012-01-28 11:41:13 -------- d-----w- c:\program files\Bonjour
2012-01-25 01:33:13 -------- d-----w- c:\users\ahmed\appdata\local\Spotify
2012-01-25 01:33:06 -------- d-----w- c:\users\ahmed\appdata\roaming\Spotify
.
==================== Find3M ====================
.
2012-02-06 21:05:36 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-18 11:04:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 11:03:03 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-18 11:03:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-18 11:01:51 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-18 11:01:51 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-18 11:01:23 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 11:00:58 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 11:00:08 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 10:46:18 1699328 ----a-w- c:\windows\system32\esent.dll
2011-12-18 10:46:17 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-12-18 10:46:17 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-12-18 10:46:17 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-12-18 10:46:14 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-12-18 10:46:14 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-12-18 10:46:14 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-12-18 10:46:14 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-12-18 10:46:14 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-12-18 10:44:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-18 10:43:31 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-18 10:43:13 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-12-18 10:41:48 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-18 10:41:21 2616320 ----a-w- c:\windows\explorer.exe
2011-12-18 10:40:49 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-12-18 10:39:45 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-12-18 10:39:45 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-18 10:39:45 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-12-07 06:39:28 10134560 ----a-w- c:\program files\common files\lpuninstall.exe
2011-12-01 20:48:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 06:11:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-15 20:30:28 2114968249 ----a-w- c:\program files\DragonNestSetupV02.exe
2011-02-16 22:56:04 2290745340 ----a-w- c:\program files\MSSetupv95.exe
.
============= FINISH: 13:16:18.05 ===============
Thanks again.
Ever since then, the computer randomly freezes when I restart firefox, and the bsod pops up and restarts it again. I followed all of your instructions, and hope that you guys can help me out. Thanks in advance.
The logs are as follows:
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.06.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
ahmed :: AHMED-PC [administrator]
Protection: Enabled
2/6/2012 12:50:49 PM
mbam-log-2012-02-06 (12-50-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205092
Time elapsed: 12 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
*******************************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-06 13:12:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: q871qrr4.exe; Driver: C:\Users\ahmed\AppData\Local\Temp\pglorpow.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 855721E8
Device \Driver\atapi \Device\Ide\IdePort0 855721E8
Device \Driver\atapi \Device\Ide\IdePort1 855721E8
Device \Driver\atapi \Device\Ide\IdePort2 855721E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 855721E8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 855731E8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 855731E8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 855731E8
Device \Driver\aa6krfl8 \Device\Scsi\aa6krfl81 865961E8
Device \Driver\aa6krfl8 \Device\Scsi\aa6krfl81Port3Path0Target1Lun0 865961E8
Device \FileSystem\Ntfs \Ntfs 855761E8
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
Device \FileSystem\fastfat \Fat 8929C1E8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.sys
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by ahmed at 13:14:40 on 2012-02-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1326 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare 5\Asc.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgcfgex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=gppc&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110516&user_guid=C07A0CBAE6EA4DD182AC90EEA7A76F2F&machine_id=e1b3d200ca52f19b1aab1bfbf8c03c5f&browser=IE&os=win&os_version=6.1-x86-SP0
uInternet Settings,ProxyOverride = cdn;*.local
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\055425557494E4F4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\2456C6B696E6F5636666736336 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\2456C6B696E6F574F575962756C6563737F5249344640393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\34F677669637860275966496 : DhcpNameServer = 192.168.2.1 10.1.10.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\84F627375686561646 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{303A9293-532E-4DDB-A9C6-3F458378C600}\B40216E6460214 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4913C5BA-6905-49E2-AB6E-CC55EA162FF8} : DhcpNameServer = 66.174.92.14 66.174.95.44 8.8.8.8
TCP: Interfaces\{7AC1BC10-46E0-4813-B6FA-653093AA5599} : DhcpNameServer = 68.87.69.150 68.87.85.102
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: avgrsstx.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ahmed\appdata\roaming\mozilla\firefox\profiles\iitm3sox.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ahmed\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\ahmed\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2009-11-6 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-6 52872]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-12-5 15672]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-11-6 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-6 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-6 29712]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-6 243152]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-17 497496]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-9-20 2331544]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-5 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-5 2253120]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-6 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2009-11-6 122448]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2009-11-6 30288]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2009-11-6 20560]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-5 20464]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-12-4 139880]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-6 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-4 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-4 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1343400]
S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.21006\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [?]
S4 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-22 921952]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-17 112592]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
.
=============== Created Last 30 ================
.
2012-02-06 17:22:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-06 17:22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-06 16:33:05 -------- d-----w- c:\programdata\SecTaskMan
2012-02-06 16:31:10 -------- d-----w- c:\program files\Security Task Manager
2012-02-06 16:21:07 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaed03f3-7910-43f1-9986-d695be75b41d}\offreg.dll
2012-02-06 16:09:38 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b18543be-a806-420f-a48c-10662eec2876}\gapaengine.dll
2012-02-06 16:09:28 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaed03f3-7910-43f1-9986-d695be75b41d}\mpengine.dll
2012-02-06 16:06:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-06 16:06:25 -------- d-----w- C:\c67b696dacb13b001272d49d27b351
2012-02-06 02:46:03 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-02-06 02:33:00 110080 ----a-r- c:\users\ahmed\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-02-06 02:33:00 -------- d-----w- C:\sh4ldr
2012-02-06 02:33:00 -------- d-----w- c:\program files\Enigma Software Group
2012-02-05 23:08:36 -------- d-----w- c:\users\ahmed\appdata\roaming\Malwarebytes
2012-02-05 23:08:26 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 23:08:26 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 23:08:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 22:48:15 -------- d-----w- C:\ERDNT
2012-02-05 22:48:12 -------- d-----w- c:\windows\ERUNT
2012-02-05 22:47:30 -------- d-----w- C:\!FixIEDef
2012-01-28 13:53:57 -------- d-----w- c:\users\ahmed\appdata\roaming\redsn0w
2012-01-28 12:51:49 -------- d-----w- C:\sn0wbreeze
2012-01-28 11:44:46 -------- d-----w- c:\program files\iTunes
2012-01-28 11:44:46 -------- d-----w- c:\program files\iPod
2012-01-28 11:41:13 -------- d-----w- c:\program files\Bonjour
2012-01-25 01:33:13 -------- d-----w- c:\users\ahmed\appdata\local\Spotify
2012-01-25 01:33:06 -------- d-----w- c:\users\ahmed\appdata\roaming\Spotify
.
==================== Find3M ====================
.
2012-02-06 21:05:36 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-18 11:04:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 11:03:03 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-18 11:03:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-18 11:01:51 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-18 11:01:51 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-18 11:01:23 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 11:00:58 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-18 11:00:08 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 10:46:18 1699328 ----a-w- c:\windows\system32\esent.dll
2011-12-18 10:46:17 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-12-18 10:46:17 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-12-18 10:46:17 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-12-18 10:46:14 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-12-18 10:46:14 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-12-18 10:46:14 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-12-18 10:46:14 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-12-18 10:46:14 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-12-18 10:44:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-18 10:43:31 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-18 10:43:13 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-12-18 10:41:48 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-12-18 10:41:21 2616320 ----a-w- c:\windows\explorer.exe
2011-12-18 10:40:49 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-12-18 10:39:45 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-12-18 10:39:45 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-18 10:39:45 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-12-07 06:39:28 10134560 ----a-w- c:\program files\common files\lpuninstall.exe
2011-12-01 20:48:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-01 06:11:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-15 20:30:28 2114968249 ----a-w- c:\program files\DragonNestSetupV02.exe
2011-02-16 22:56:04 2290745340 ----a-w- c:\program files\MSSetupv95.exe
.
============= FINISH: 13:16:18.05 ===============
Thanks again.