Solved WoW Account Hacked - Scan Logs

[VvWolverinevV]

Am I clean?


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5485

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/8/2011 10:55:18 PM
mbam-log-2011-01-08 (22-55-18).txt

Scan type: Quick scan
Objects scanned: 170493
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER (empty log file)


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/23/2010 2:55:20 AM
System Uptime: 1/8/2011 10:49:14 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5E
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2394/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 194.511 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 96.147 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11b/g Wireless Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&1542FBD&0&08F0
Manufacturer: Ralink Technology, Inc.
Name: 802.11b/g Wireless Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&1542FBD&0&08F0
Service: RT2500

==== System Restore Points ===================

RP152: 1/5/2011 6:22:27 PM - Windows Update
RP153: 1/7/2011 6:57:02 AM - Windows Update

==== Installed Programs ======================

µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AIM 7
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
Curse Client
D3DX10
Digsby
Download Updater (AOL LLC)
Dragon Age: Origins
EVEREST Ultimate Edition v5.00
FriendFinder Messenger v4.1
FrostWire 4.21.1
GNU Aspell 0.50-3
Google Chrome
Google Desktop
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Grand Theft Auto IV
HashCheck Shell Extension (x86-32)
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
KatMouse (remove only)
Mafia II
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MP3 Cutter Joiner 2.20
MSI Afterburner 2.0.0
MSVCRT
MSVCRT_amd64
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ooVoo
OpenAL
OpenPandora 0.7.0.5
PdaNet for Android 2.45
Picasa 3
Pidgin
PowerISO
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
Ralink Wireless LAN
Rockstar Games Social Club
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Steam
System Requirements Lab
The Weather Channel Desktop 6
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinSCP 4.2.9
World of Warcraft
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

1/8/2011 10:45:19 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/6/2011 1:14:54 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
1/5/2011 7:30:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
1/5/2011 7:30:19 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2011 12:13:49 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/5/2011 10:42:33 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/4/2011 10:57:33 PM, Error: Service Control Manager [7000] - The RivaTuner64 service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
1/4/2011 10:37:05 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/4/2011 10:37:05 PM, Error: Service Control Manager [7038] - The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/4/2011 10:37:05 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/4/2011 10:37:05 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
1/4/2011 10:37:05 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not start due to a logon failure.
1/4/2011 10:37:05 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

==== End Of File ===========================


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Tag at 23:09:19.88 on Sat 01/08/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2543 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files (x86)\KatMouse\KatMouse.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\taskhost.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tag\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://news.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\Tag\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Tag\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KatMouse.lnk - C:\Program Files (x86)\KatMouse\KatMouse.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: {47A7885D-3642-4EE9-A4CC-C3D722C39785} = 8.8.8.8,8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\
FF - prefs.js: browser.search.selectedEngine - Facebook
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tag\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Tag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Tag\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-5-23 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-5-23 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-5-23 83120]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-4-30 190488]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe [2010-8-18 69632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-4-30 30232]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-4 155752]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2010-11-9 15360]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-17 136176]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-6 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-6-16 25832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-9-9 30192]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-7-12 17920]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-09 03:52:04 -------- d-----w- C:\Users\Tag\AppData\Roaming\Malwarebytes
2011-01-09 03:51:59 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-09 03:51:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-09 03:51:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-09 03:51:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-07 11:57:24 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3A24D333-894B-41E5-8DEC-953E2FBF22AD}\mpengine.dll
2011-01-05 13:11:59 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-01-05 12:29:53 -------- d-----w- C:\Program Files (x86)\Steam
2011-01-05 12:29:53 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-01-05 06:50:54 -------- d-----w- C:\Users\Tag\AppData\Roaming\PrimoPDF
2011-01-05 06:50:22 90624 ----a-w- C:\Windows\System32\Primomonnt.dll
2011-01-05 06:50:20 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2011-01-05 05:23:34 -------- d-----w- C:\Users\Tag\AppData\Local\PassMark
2011-01-05 05:23:25 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-01-05 05:23:25 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-01-05 05:23:25 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-01-05 05:23:21 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2011-01-05 05:22:56 -------- d-----w- C:\Program Files\PerformanceTest
2011-01-05 05:22:56 -------- d-----w- C:\PROGRA~3\Passmark
2011-01-05 04:02:23 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2011-01-05 02:19:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-01-02 22:15:45 -------- d-----w- C:\Users\Tag\AppData\Local\CurseClient
2011-01-02 22:15:44 -------- d-----w- C:\Program Files (x86)\Curse
2010-12-28 03:03:56 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2010-12-28 03:03:56 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-12-28 03:03:18 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2010-12-20 05:23:15 -------- d-----w- C:\Program Files\iTunes
2010-12-20 05:23:15 -------- d-----w- C:\Program Files\iPod
2010-12-18 13:36:46 -------- d-----w- C:\Program Files (x86)\WinSCP
2010-12-17 11:31:52 -------- d-----w- C:\Program Files (x86)\ooVoo
2010-12-16 02:25:39 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-12-16 02:25:38 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-12-16 02:25:38 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-12-16 02:25:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-12-16 02:25:38 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-12-16 02:25:38 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-12-16 02:25:38 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-12-16 02:25:38 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-12-16 02:25:38 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-12-16 02:25:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-12-16 02:21:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-16 02:21:14 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-16 02:20:47 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-12-16 02:20:47 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-12-16 02:20:47 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-12-16 02:20:47 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-16 02:20:06 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-12-16 02:19:57 395776 ----a-w- C:\Windows\System32\webio.dll
2010-12-16 02:19:57 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-12-16 02:19:53 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-16 02:19:53 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2010-12-16 02:19:53 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2010-12-16 02:18:23 112000 ----a-w- C:\Windows\System32\consent.exe
2010-12-16 00:38:37 -------- d-----w- C:\Users\Tag\.idlerc

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-22 13:01:35 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-12 23:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-06 15:06:19 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-11-06 15:06:19 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-11-06 15:06:19 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-11-06 15:06:19 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 18:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 18:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 18:13:34 61032 ----a-w- C:\Windows\System32\nvshext.dll
2010-10-16 18:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 18:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll

============= FINISH: 23:09:53.17 ===============

 

[Broni]

Hello

I don't see anything suspicious.

It looks like your WOW account has been hacked from the outside, not through your computer.

 

[VvWolverinevV]

Thanks, Broni, Avira Antivir and GMER's full scan did find some things (see the logs attached to my OP). Could none of these have been used to hack my WoW account? I don't know how it would have been hacked "from the outside"

*EDIT*
Starting to think I got brute forced...

 

[Broni]

Avira findings are located in Java cache, so I doubt, it'd be a reason, but let's doublecheck.
Make sure, you paste all logs.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[VvWolverinevV]

Sorry, I didn't paste the AntiVir results because it wasn't on the list of logs to include in the Preliminary Removal Instructions. Here are the logs from MBRCheck and ComboFix. Note that after ComboFix rebooted my computer, I received repeated messages that "PEV.cfxxe has stopped working". I repeatedly clicked "Check online for a solution and close the program", but the messages did not stop until I clicked "Close the program". See attached screenshot.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5E
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 210):
0x02E0F000 \SystemRoot\system32\ntoskrnl.exe
0x033EB000 \SystemRoot\system32\hal.dll
0x00BB0000 \SystemRoot\system32\kdcom.dll
0x00CF5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D39000 \SystemRoot\system32\PSHED.dll
0x00D4D000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EAD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EBC000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F13000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F1C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F26000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F59000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F66000 \SystemRoot\System32\drivers\partmgr.sys
0x00F7B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F90000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FEC000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00CD0000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF3000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DAB000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DD5000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00DE0000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010AD000 \SystemRoot\system32\drivers\fltmgr.sys
0x010F9000 \SystemRoot\system32\drivers\fileinfo.sys
0x01252000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0110D000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0116B000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014DE000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x0148B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015D0000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015E0000 \SystemRoot\System32\Drivers\spldr.sys
0x0104C000 \SystemRoot\System32\drivers\rdyboost.sys
0x015E8000 \SystemRoot\System32\Drivers\mup.sys
0x014D5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0181E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01858000 \SystemRoot\system32\DRIVERS\disk.sys
0x0186E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018D4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018FE000 \SystemRoot\System32\Drivers\Null.SYS
0x01907000 \SystemRoot\System32\Drivers\Beep.SYS
0x0190E000 \SystemRoot\System32\drivers\vga.sys
0x0191C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01941000 \SystemRoot\System32\drivers\watchdog.sys
0x01951000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0195A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01963000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0196C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01977000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01988000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019A6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CD6000 \SystemRoot\system32\drivers\afd.sys
0x02D60000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DA5000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DAE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DD4000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x02DE8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C1B000 \SystemRoot\system32\drivers\vpcvmm.sys
0x02C72000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C86000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x03A89000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03ADA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03AE6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03AF1000 \SystemRoot\System32\drivers\discache.sys
0x03B00000 \SystemRoot\system32\drivers\csc.sys
0x03B83000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BA1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03BB2000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03BD4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03A00000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04816000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x053F0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04001000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x040F5000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0413B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0415F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0416C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x041C2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03A16000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x041D3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x042BE000 \SystemRoot\system32\drivers\ctaud2k.sys
0x04364000 \SystemRoot\system32\drivers\portcls.sys
0x043A1000 \SystemRoot\system32\drivers\drmk.sys
0x04200000 \SystemRoot\system32\drivers\ks.sys
0x04243000 \SystemRoot\system32\drivers\ctoss2k.sys
0x04274000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x0427C000 \SystemRoot\system32\drivers\ksthunk.sys
0x019B3000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04282000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x042A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x043C3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x043D3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02C9F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043E9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0567E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x056AD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x056C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x056E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0570C000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x05717000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05788000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0578A000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x0578E000 \SystemRoot\system32\drivers\WmBEnum.sys
0x05793000 \SystemRoot\system32\drivers\WmXlCore.sys
0x057A5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x057B7000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x057D4000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x057E3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05600000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x05726000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0662D000 \SystemRoot\system32\drivers\ha20x2k.sys
0x067AE000 \SystemRoot\system32\drivers\emupia2k.sys
0x06600000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0563C000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x06827000 \SystemRoot\system32\drivers\ctac32k.sys
0x068E0000 \SystemRoot\system32\drivers\nvhda64v.sys
0x0692A000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x06945000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x06C9A000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x000C0000 \SystemRoot\System32\win32k.sys
0x06C00000 \SystemRoot\System32\drivers\Dxapi.sys
0x06C0C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06C1A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06C26000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06C2F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06C42000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x00700000 \SystemRoot\System32\cdd.dll
0x06C50000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06C6D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06C7B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06DF7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0697A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06987000 \SystemRoot\system32\drivers\LVUSBS64.sys
0x07224000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x0387B000 \SystemRoot\system32\DRIVERS\lvpopf64.sys
0x039C6000 \SystemRoot\system32\drivers\usbaudio.sys
0x039E1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03800000 \SystemRoot\system32\drivers\luafv.sys
0x03823000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x03840000 \SystemRoot\system32\drivers\WudfPf.sys
0x07595000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x03861000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06992000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x075C6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x075D9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07A4E000 \SystemRoot\system32\drivers\HTTP.sys
0x07B16000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07B34000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07B4C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07B79000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07BC7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x092D4000 \SystemRoot\system32\drivers\peauth.sys
0x0937A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09385000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x093B2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09200000 \SystemRoot\System32\DRIVERS\srv2.sys
0x098A1000 \SystemRoot\System32\DRIVERS\srv.sys
0x09937000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x09941000 \SystemRoot\system32\drivers\WmVirHid.sys
0x09988000 \SystemRoot\system32\drivers\WmFilter.sys
0x77640000 \Windows\System32\ntdll.dll
0x47750000 \Windows\System32\smss.exe
0xFF960000 \Windows\System32\apisetschema.dll
0xFF250000 \Windows\System32\autochk.exe
0xFF8B0000 \Windows\System32\comdlg32.dll
0xFF830000 \Windows\System32\difxapi.dll
0xFF790000 \Windows\System32\msvcrt.dll
0x77520000 \Windows\System32\kernel32.dll
0xFF660000 \Windows\System32\wininet.dll
0xFF4E0000 \Windows\System32\urlmon.dll
0x77810000 \Windows\System32\psapi.dll
0xFF3D0000 \Windows\System32\msctf.dll
0xFF360000 \Windows\System32\gdi32.dll
0xFF100000 \Windows\System32\iertutil.dll
0x77420000 \Windows\System32\user32.dll
0x77800000 \Windows\System32\normaliz.dll
0xFF020000 \Windows\System32\oleaut32.dll
0xFF010000 \Windows\System32\lpk.dll
0xFEFE0000 \Windows\System32\imm32.dll
0xFEF90000 \Windows\System32\ws2_32.dll
0xFED80000 \Windows\System32\ole32.dll
0xFECE0000 \Windows\System32\clbcatq.dll
0xFEB00000 \Windows\System32\setupapi.dll
0xFEA20000 \Windows\System32\advapi32.dll
0xFEA00000 \Windows\System32\imagehlp.dll
0xFE930000 \Windows\System32\usp10.dll
0xFDBA0000 \Windows\System32\shell32.dll
0xFDB20000 \Windows\System32\shlwapi.dll
0xFDAD0000 \Windows\System32\Wldap32.dll
0xFD9A0000 \Windows\System32\rpcrt4.dll
0xFD990000 \Windows\System32\nsi.dll
0xFD970000 \Windows\System32\sechost.dll
0xFD900000 \Windows\System32\KernelBase.dll
0xFD8C0000 \Windows\System32\wintrust.dll
0xFD880000 \Windows\System32\cfgmgr32.dll
0xFD860000 \Windows\System32\devobj.dll
0xFD6F0000 \Windows\System32\crypt32.dll
0xFD650000 \Windows\System32\comctl32.dll
0xFD640000 \Windows\System32\msasn1.dll
0x75DC0000 \Windows\SysWOW64\normaliz.dll

Processes (total 97):
0 System Idle Process
4 System
372 C:\Windows\System32\smss.exe
480 csrss.exe
540 C:\Windows\System32\wininit.exe
564 csrss.exe
612 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
688 C:\Windows\System32\winlogon.exe
796 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
928 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
116 C:\Windows\System32\svchost.exe
496 C:\Windows\System32\svchost.exe
1064 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1172 C:\Windows\System32\svchost.exe
1288 WUDFHost.exe
1364 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1376 C:\Windows\System32\nvvsvc.exe
1436 WUDFHost.exe
1568 C:\Windows\System32\svchost.exe
1700 C:\Windows\System32\spoolsv.exe
1732 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1756 C:\Windows\System32\svchost.exe
1900 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1932 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1964 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1972 C:\Windows\System32\conhost.exe
2016 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1236 C:\Windows\System32\svchost.exe
1408 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1272 LVPrS64H.exe
2060 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2236 C:\Windows\System32\taskhost.exe
2272 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2336 C:\Windows\System32\svchost.exe
2344 C:\Windows\System32\dwm.exe
2372 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2416 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2920 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3036 C:\Windows\System32\svchost.exe
3084 C:\Windows\System32\svchost.exe
3304 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
3328 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
3340 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
3644 C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
3672 C:\Program Files (x86)\KatMouse\KatMouse.exe
3828 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
3900 C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
3092 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
1328 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3692 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3716 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
3564 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
2548 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
3960 C:\Windows\System32\SearchIndexer.exe
1528 C:\Windows\SysWOW64\Ctxfihlp.exe
3504 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3604 C:\Program Files\Windows Media Player\wmpnetwk.exe
4276 C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
4452 C:\Program Files\iPod\bin\iPodService.exe
4464 C:\Windows\SysWOW64\CTxfispi.exe
4588 taskhost.exe
5272 C:\Windows\System32\audiodg.exe
5788 C:\Windows\System32\svchost.exe
5688 C:\Windows\System32\svchost.exe
5540 C:\Program Files (x86)\iTunes\iTunes.exe
4396 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
4776 C:\Windows\System32\conhost.exe
4648 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
3796 C:\Windows\System32\conhost.exe
736 C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
5772 C:\Program Files (x86)\Steam\Steam.exe
4348 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
3372 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
5448 C:\Windows\explorer.exe
5064 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
4872 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
4272 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
1224 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
2864 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
4608 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
2584 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
5340 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
5216 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
3616 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
4904 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
4036 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
3112 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
5524 C:\Windows\System32\SearchProtocolHost.exe
4676 C:\Windows\System32\SearchFilterHost.exe
5248 C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe
5292 C:\Users\Tag\Desktop\MBRCheck.exe
4324 C:\Windows\System32\conhost.exe
4300 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3320620A, Rev: 3.AAC
PhysicalDrive2 Model Number: ST3500320AS, Rev: SD15

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: BB91F7E34FF3754A41F2830964B0DA1B003BCA73


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


ComboFix 11-01-09.02 - Tag 01/10/2011 7:02.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2425 [GMT -5:00]
Running from: c:\users\Tag\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 50
The system cannot find the file LockedB.
The system cannot find the file lockedB.
The system cannot find the path specified.
The system cannot find the file LockedB.
The system cannot find the file LockedB.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 12:07 . 2011-01-10 12:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-10 12:07 . 2011-01-10 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 01:21 . 2011-01-10 01:21 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-01-09 18:16 . 2011-01-09 18:16 -------- d-----w- c:\program files (x86)\RALINK
2011-01-09 17:56 . 2011-01-09 17:56 -------- d-----w- c:\users\Tag\AppData\Roaming\InstallShield
2011-01-09 03:52 . 2011-01-09 03:52 -------- d-----w- c:\users\Tag\AppData\Roaming\Malwarebytes
2011-01-09 03:51 . 2011-01-09 03:51 -------- d-----w- c:\programdata\Malwarebytes
2011-01-09 03:51 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-09 03:51 . 2011-01-09 03:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-07 11:57 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A24D333-894B-41E5-8DEC-953E2FBF22AD}\mpengine.dll
2011-01-05 13:12 . 2011-01-05 13:12 -------- d-----w- c:\users\Tag\AppData\Local\2K Games
2011-01-05 13:12 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-01-05 13:12 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-01-05 13:12 . 2010-06-02 09:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2011-01-05 13:12 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-01-05 13:12 . 2010-05-26 16:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2011-01-05 13:12 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-01-05 13:12 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-01-05 13:12 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2011-01-05 12:29 . 2011-01-10 02:29 -------- d-----w- c:\program files (x86)\Steam
2011-01-05 12:29 . 2011-01-05 13:21 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-01-05 06:50 . 2011-01-05 06:51 -------- d-----w- c:\users\Tag\AppData\Roaming\PrimoPDF
2011-01-05 06:50 . 2011-01-05 06:50 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-01-05 05:23 . 2011-01-05 05:23 -------- d-----w- c:\users\Tag\AppData\Local\PassMark
2011-01-05 05:22 . 2011-01-05 05:22 -------- d-----w- c:\programdata\Passmark
2011-01-05 02:24 . 2010-10-16 18:55 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-01-05 02:24 . 2010-10-16 18:55 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-01-05 02:24 . 2010-10-16 18:55 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-01-05 02:24 . 2010-10-16 18:55 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-01-05 02:24 . 2010-10-16 18:55 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2011-01-05 02:24 . 2010-10-16 18:55 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-01-05 02:24 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-01-05 02:24 . 2010-10-16 18:55 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-01-05 02:24 . 2010-10-16 18:55 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-01-05 02:24 . 2010-10-16 18:55 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-05 02:19 . 2011-01-05 02:19 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-01-05 02:19 . 2011-01-05 02:19 -------- d-----w- c:\users\Tag\AppData\Roaming\SystemRequirementsLab
2011-01-02 22:15 . 2011-01-05 05:19 -------- d-----w- c:\users\Tag\AppData\Local\CurseClient
2011-01-02 22:15 . 2011-01-02 22:15 -------- d-----w- c:\program files (x86)\Curse
2010-12-31 14:44 . 2010-12-31 14:44 -------- d-----w- c:\users\Guest\AppData\Local\Google
2010-12-31 14:44 . 2010-12-31 14:44 -------- d-----w- c:\users\Guest\AppData\Local\The Weather Channel
2010-12-28 03:03 . 2011-01-05 05:14 -------- d-----w- c:\program files (x86)\World of Warcraft
2010-12-28 03:03 . 2010-12-28 03:04 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2010-12-28 03:03 . 2010-12-28 03:12 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-12-20 05:23 . 2010-12-20 05:23 -------- d-----w- c:\program files\iTunes
2010-12-20 05:23 . 2010-12-20 05:23 -------- d-----w- c:\program files\iPod
2010-12-18 13:36 . 2010-12-18 13:36 -------- d-----w- c:\program files (x86)\WinSCP
2010-12-16 02:25 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-16 02:25 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-16 02:25 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-16 02:25 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-16 02:21 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-16 02:20 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-16 02:20 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-16 02:19 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-16 02:19 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 02:19 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 02:19 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-16 00:38 . 2010-12-16 01:01 -------- d-----w- c:\users\Tag\.idlerc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-12 23:53 . 2010-05-27 10:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-06 15:06 . 2010-05-23 07:40 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-06 15:06 . 2010-05-23 07:40 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-10-19 23:38 . 2010-10-19 23:38 98304 ----a-r- c:\users\Tag\AppData\Roaming\Microsoft\Installer\{D40AF016-506C-43FB-A738-BD54FA8C1E86}\python_icon.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-23 136176]
"googletalk"="c:\users\Tag\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-10 30192]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KatMouse.lnk - c:\program files (x86)\KatMouse\KatMouse.exe [2007-5-30 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-10 30192]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 05:10]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 05:10]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
- c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 06:58]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
- c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 06:58]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {47A7885D-3642-4EE9-A4CC-C3D722C39785} = 8.8.8.8,8.8.4.4
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
FF - ProfilePath - c:\users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\
FF - prefs.js: browser.search.selectedEngine - Facebook
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKLM-Run-CTxfiHlp - CTXFIHLP.EXE



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{462B9D99-8ED8-6560-143C-3F3143DC4F94}*]
"haeeiljncdobebmh"=hex:6a,61,67,70,6d,6c,67,6c,63,6c,70,6e,69,6b,6a,6b,70,6c,
67,67,00,69
"iageomohgibbgknfem"=hex:6a,61,67,70,6d,6c,67,6c,63,6c,70,6e,69,6b,6a,6b,70,6c,
67,67,00,69

[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\SecuROM\License information*]
"datasecu"=hex:cb,a2,d0,69,e5,4a,5a,ab,30,97,e4,5f,02,0b,39,1c,41,4f,40,48,a5,
b0,0d,d2,ff,26,e5,d9,a0,67,c6,ac,e4,56,4f,9d,71,a3,1c,28,29,68,3e,58,75,37,\
"rkeysecu"=hex:ed,72,96,fe,7b,52,95,67,4f,ea,d0,ed,5a,39,db,24

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\RALINK\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-01-10 07:19:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-10 12:19

Pre-Run: 208,871,444,480 bytes free
Post-Run: 208,549,195,776 bytes free

- - End Of File - - 3873DBEDAD4A3937A77B3522DF474A53

 

[Broni]

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\TEMP\logishrd\LVPrcInj02.dll


Folder::
c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

RegNull::
[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{462B9D99-8ED8-6560-143C-3F3143DC4F94}*]

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[VvWolverinevV]

Same problem as before with "PEV.cfxxe has stopped working" after reboot.


ComboFix 11-01-10.04 - Tag 01/10/2011 13:22:19.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2705 [GMT -5:00]
Running from: c:\users\Tag\Desktop\ComboFix.exe
Command switches used :: c:\users\Tag\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\TEMP\logishrd\LVPrcInj01.dll"
"c:\windows\TEMP\logishrd\LVPrcInj02.dll"
.
/wow section - STAGE 50
The system cannot find the file LockedB.
The system cannot find the file lockedB.
The system cannot find the path specified.
The system cannot find the file LockedB.
The system cannot find the file LockedB.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 18:26 . 2011-01-10 18:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-10 18:26 . 2011-01-10 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 01:21 . 2011-01-10 01:21 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-01-09 18:16 . 2011-01-09 18:16 -------- d-----w- c:\program files (x86)\RALINK
2011-01-09 17:56 . 2011-01-09 17:56 -------- d-----w- c:\users\Tag\AppData\Roaming\InstallShield
2011-01-09 03:52 . 2011-01-09 03:52 -------- d-----w- c:\users\Tag\AppData\Roaming\Malwarebytes
2011-01-09 03:51 . 2011-01-09 03:51 -------- d-----w- c:\programdata\Malwarebytes
2011-01-09 03:51 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-09 03:51 . 2011-01-09 03:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-07 11:57 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A24D333-894B-41E5-8DEC-953E2FBF22AD}\mpengine.dll
2011-01-05 13:12 . 2011-01-05 13:12 -------- d-----w- c:\users\Tag\AppData\Local\2K Games
2011-01-05 13:12 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-01-05 13:12 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-01-05 13:12 . 2010-06-02 09:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2011-01-05 13:12 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-01-05 13:12 . 2010-05-26 16:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2011-01-05 13:12 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-01-05 13:12 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-01-05 13:12 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2011-01-05 12:29 . 2011-01-10 02:29 -------- d-----w- c:\program files (x86)\Steam
2011-01-05 12:29 . 2011-01-05 13:21 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-01-05 06:50 . 2011-01-05 06:51 -------- d-----w- c:\users\Tag\AppData\Roaming\PrimoPDF
2011-01-05 06:50 . 2011-01-05 06:50 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-01-05 05:23 . 2011-01-05 05:23 -------- d-----w- c:\users\Tag\AppData\Local\PassMark
2011-01-05 05:22 . 2011-01-05 05:22 -------- d-----w- c:\programdata\Passmark
2011-01-05 02:24 . 2010-10-16 18:55 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-01-05 02:24 . 2010-10-16 18:55 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-01-05 02:24 . 2010-10-16 18:55 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-01-05 02:24 . 2010-10-16 18:55 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-01-05 02:24 . 2010-10-16 18:55 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2011-01-05 02:24 . 2010-10-16 18:55 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-01-05 02:24 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-01-05 02:24 . 2010-10-16 18:55 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-01-05 02:24 . 2010-10-16 18:55 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-01-05 02:24 . 2010-10-16 18:55 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-05 02:19 . 2011-01-05 02:19 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-01-05 02:19 . 2011-01-05 02:19 -------- d-----w- c:\users\Tag\AppData\Roaming\SystemRequirementsLab
2011-01-02 22:15 . 2011-01-05 05:19 -------- d-----w- c:\users\Tag\AppData\Local\CurseClient
2011-01-02 22:15 . 2011-01-02 22:15 -------- d-----w- c:\program files (x86)\Curse
2010-12-31 14:44 . 2010-12-31 14:44 -------- d-----w- c:\users\Guest\AppData\Local\Google
2010-12-31 14:44 . 2010-12-31 14:44 -------- d-----w- c:\users\Guest\AppData\Local\The Weather Channel
2010-12-28 03:03 . 2011-01-05 05:14 -------- d-----w- c:\program files (x86)\World of Warcraft
2010-12-28 03:03 . 2010-12-28 03:04 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2010-12-28 03:03 . 2010-12-28 03:12 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-12-20 05:23 . 2010-12-20 05:23 -------- d-----w- c:\program files\iTunes
2010-12-20 05:23 . 2010-12-20 05:23 -------- d-----w- c:\program files\iPod
2010-12-18 13:36 . 2010-12-18 13:36 -------- d-----w- c:\program files (x86)\WinSCP
2010-12-16 02:25 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-16 02:25 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-16 02:25 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-16 02:25 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-16 02:21 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-16 02:20 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-16 02:20 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-16 02:19 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-16 02:19 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 02:19 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 02:19 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-16 00:38 . 2010-12-16 01:01 -------- d-----w- c:\users\Tag\.idlerc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-12 23:53 . 2010-05-27 10:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-06 15:06 . 2010-05-23 07:40 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-06 15:06 . 2010-05-23 07:40 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-10-19 23:38 . 2010-10-19 23:38 98304 ----a-r- c:\users\Tag\AppData\Roaming\Microsoft\Installer\{D40AF016-506C-43FB-A738-BD54FA8C1E86}\python_icon.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-10_12.13.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-23 07:36 . 2011-01-10 16:10 31212 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-10 16:10 30800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-01-10 12:14 30800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-23 06:58 . 2011-01-10 16:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-23 06:58 . 2011-01-10 12:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-23 06:58 . 2011-01-10 16:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-23 06:58 . 2011-01-10 12:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-23 06:58 . 2011-01-10 12:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-23 06:58 . 2011-01-10 16:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-23 06:58 . 2011-01-10 18:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-23 06:58 . 2011-01-10 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-23 06:58 . 2011-01-10 18:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-23 06:58 . 2011-01-10 12:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-23 06:58 . 2011-01-10 16:10 9738 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-419851143-2205390515-4003747433-1001_UserData.bin
- 2011-01-10 12:13 . 2011-01-10 12:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-10 18:27 . 2011-01-10 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-10 12:13 . 2011-01-10 12:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-10 18:27 . 2011-01-10 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-10 12:13 . 2009-04-30 20:00 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2011-01-10 18:27 . 2009-04-30 20:00 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2011-01-10 18:27 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2011-01-10 12:13 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2009-07-14 02:36 . 2011-01-04 00:55 628436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-01-10 16:15 628436 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-01-04 00:55 107742 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-01-10 16:15 107742 c:\windows\system32\perfc009.dat
- 2009-07-14 02:34 . 2011-01-10 02:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-01-10 17:44 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-23 136176]
"googletalk"="c:\users\Tag\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-10 30192]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KatMouse.lnk - c:\program files (x86)\KatMouse\KatMouse.exe [2007-5-30 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-10 30192]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 05:10]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-17 05:10]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
- c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 06:58]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
- c:\users\Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 06:58]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {47A7885D-3642-4EE9-A4CC-C3D722C39785} = 8.8.8.8,8.8.4.4
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
FF - ProfilePath - c:\users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\
FF - prefs.js: browser.search.selectedEngine - Facebook
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-419851143-2205390515-4003747433-1001\Software\SecuROM\License information*]
"datasecu"=hex:cb,a2,d0,69,e5,4a,5a,ab,30,97,e4,5f,02,0b,39,1c,41,4f,40,48,a5,
b0,0d,d2,ff,26,e5,d9,a0,67,c6,ac,e4,56,4f,9d,71,a3,1c,28,29,68,3e,58,75,37,\
"rkeysecu"=hex:ed,72,96,fe,7b,52,95,67,4f,ea,d0,ed,5a,39,db,24

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\RALINK\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-01-10 13:32:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-10 18:32

Pre-Run: 208,059,789,312 bytes free
Post-Run: 208,001,290,240 bytes free

- - End Of File - - 54889A9CC2D5A932725A313BCD567522

 

[Broni]

Same problem as before with "PEV.cfxxe has stopped working" after reboot.

That's fine. Combofix will run anyway.
The log looks fine now.

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[VvWolverinevV]

OTL logfile created on: 1/10/2011 2:17:28 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Tag\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 193.79 Gb Free Space | 65.03% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 96.41 Gb Free Space | 20.70% Space Free | Partition Type: NTFS

Computer Name: TAG-PC | User Name: Tag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 14:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tag\Desktop\OTL.exe
PRC - [2010/12/09 05:36:06 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 11:37:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 11:37:20 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/09 20:04:28 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/03 08:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010/04/16 10:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/05/08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 15:01:12 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/23 11:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
PRC - [2007/05/30 07:14:22 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouse.exe


========== Modules (SafeList) ==========

MOD - [2011/01/10 14:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tag\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/30 15:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011/01/05 07:30:12 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/09 05:36:06 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/06 10:16:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/11/06 10:07:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/11/03 11:37:20 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/09 20:04:28 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/04/23 11:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/22 08:01:35 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/07 15:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/09/02 17:49:44 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2010/05/05 20:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 20:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 20:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 20:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 20:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 20:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 20:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 20:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 20:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 20:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009/12/31 05:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/22 20:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 20:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 20:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/11 11:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 11:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 11:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 11:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 14:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/04/30 14:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2007/05/11 16:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 5000(UVC)
DRV:64bit: - [2007/05/11 16:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/11 16:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2007/03/07 13:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV:64bit: - [2006/06/02 14:39:08 | 000,215,552 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT2500.sys -- (RT2500)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA AD 7C 37 45 FA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Facebook"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/12 22:56:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 22:56:36 | 000,000,000 | ---D | M]

[2010/11/28 16:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tag\AppData\Roaming\Mozilla\Extensions
[2010/11/28 16:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tag\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/10/05 07:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\extensions
[2010/11/21 20:08:06 | 000,001,238 | ---- | M] () -- C:\Users\Tag\AppData\Roaming\Mozilla\Firefox\Profiles\12dfyxlk.default\searchplugins\facebook.xml
[2011/01/01 20:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/08 19:09:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 23:52:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/01 20:07:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Tag\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 14:14:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tag\Desktop\OTL.exe
[2011/01/10 13:28:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/01/10 13:19:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/10 09:11:10 | 008,310,726 | ---- | C] (FrostWire Team) -- C:\Users\Tag\Desktop\frostwire-4.21.3.windows.exe
[2011/01/10 06:59:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/10 06:59:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/10 06:59:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/10 06:59:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/10 06:58:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/09 20:21:21 | 000,000,000 | ---D | C] -- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
[2011/01/09 13:16:21 | 000,215,552 | ---- | C] (Ralink Technology Inc.) -- C:\Windows\SysNative\drivers\RT2500.sys
[2011/01/09 13:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
[2011/01/09 13:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RALINK
[2011/01/09 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Roaming\InstallShield
[2011/01/09 12:34:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/08 22:52:04 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Roaming\Malwarebytes
[2011/01/08 22:51:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/08 22:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/08 22:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/08 22:51:56 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/08 22:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/05 08:12:11 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Local\2K Games
[2011/01/05 07:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/01/05 07:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/01/05 07:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/01/05 01:50:54 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Roaming\PrimoPDF
[2011/01/05 01:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[2011/01/05 01:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2011/01/05 00:23:39 | 000,000,000 | ---D | C] -- C:\Users\Tag\Documents\PassMark
[2011/01/05 00:23:34 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Local\PassMark
[2011/01/05 00:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark
[2011/01/04 21:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/01/04 21:24:38 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/01/04 21:24:38 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/01/04 21:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/01/04 21:19:15 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Roaming\SystemRequirementsLab
[2011/01/02 17:15:45 | 000,000,000 | ---D | C] -- C:\Users\Tag\AppData\Local\CurseClient
[2011/01/02 17:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Curse
[2011/01/02 17:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Curse
[2010/12/27 22:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2010/12/27 22:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2010/12/27 22:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/12/27 22:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/12/20 00:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/12/20 00:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/20 00:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/18 08:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2010/12/18 08:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
[2010/12/18 07:10:32 | 000,000,000 | ---D | C] -- C:\Users\Tag\Desktop\css-dock-menu
[2010/12/15 19:38:37 | 000,000,000 | ---D | C] -- C:\Users\Tag\.idlerc
[2010/12/12 22:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010/05/05 18:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 14:20:35 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 14:20:35 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 14:20:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/10 14:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tag\Desktop\OTL.exe
[2011/01/10 14:13:22 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 14:13:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/01/10 14:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/10 14:13:00 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/10 13:58:08 | 000,062,260 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2011/01/10 13:58:08 | 000,062,260 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2011/01/10 13:58:08 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2011/01/10 13:18:55 | 004,151,804 | R--- | M] () -- C:\Users\Tag\Desktop\ComboFix.exe
[2011/01/10 13:13:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001UA.job
[2011/01/10 11:15:52 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/10 11:15:52 | 000,628,436 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/10 11:15:52 | 000,107,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/10 09:11:10 | 008,310,726 | ---- | M] (FrostWire Team) -- C:\Users\Tag\Desktop\frostwire-4.21.3.windows.exe
[2011/01/10 07:58:50 | 000,002,493 | -H-- | M] () -- C:\Users\Tag\Desktop\Google Chrome (Right).lnk
[2011/01/10 07:29:58 | 000,123,430 | ---- | M] () -- C:\Users\Tag\Desktop\CFerror.png
[2011/01/10 06:49:34 | 000,080,384 | ---- | M] () -- C:\Users\Tag\Desktop\MBRCheck.exe
[2011/01/09 17:26:44 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-419851143-2205390515-4003747433-1001Core.job
[2011/01/05 21:04:01 | 000,002,409 | ---- | M] () -- C:\Users\Tag\Desktop\Google Chrome (incognito).lnk
[2011/01/05 01:50:22 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2010/12/30 23:47:51 | 000,001,063 | ---- | M] () -- C:\Users\Tag\Desktop\Notepad++.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/18 11:55:24 | 000,000,600 | ---- | M] () -- C:\Users\Tag\AppData\Roaming\winscp.rnd
[2010/12/18 08:36:47 | 000,001,789 | ---- | M] () -- C:\Users\Tag\Desktop\WinSCP.lnk
[2010/12/18 07:05:38 | 000,208,948 | ---- | M] () -- C:\Users\Tag\Desktop\css-dock-menu.zip
[2010/12/16 19:47:55 | 000,431,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 07:29:58 | 000,123,430 | ---- | C] () -- C:\Users\Tag\Desktop\CFerror.png
[2011/01/10 06:59:18 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/10 06:59:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/10 06:59:18 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/10 06:59:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/10 06:59:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/10 06:51:24 | 004,151,804 | R--- | C] () -- C:\Users\Tag\Desktop\ComboFix.exe
[2011/01/10 06:49:37 | 000,080,384 | ---- | C] () -- C:\Users\Tag\Desktop\MBRCheck.exe
[2011/01/05 21:03:53 | 000,002,409 | ---- | C] () -- C:\Users\Tag\Desktop\Google Chrome (incognito).lnk
[2011/01/05 20:54:52 | 000,002,493 | -H-- | C] () -- C:\Users\Tag\Desktop\Google Chrome (Right).lnk
[2011/01/05 01:50:22 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2010/12/30 23:47:51 | 000,001,063 | ---- | C] () -- C:\Users\Tag\Desktop\Notepad++.lnk
[2010/12/18 08:36:47 | 000,001,789 | ---- | C] () -- C:\Users\Tag\Desktop\WinSCP.lnk
[2010/12/18 08:36:47 | 000,000,600 | ---- | C] () -- C:\Users\Tag\AppData\Roaming\winscp.rnd
[2010/12/18 07:05:40 | 000,208,948 | ---- | C] () -- C:\Users\Tag\Desktop\css-dock-menu.zip
[2010/10/31 21:56:45 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/20 05:02:57 | 000,000,424 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/04 17:32:57 | 000,000,135 | ---- | C] () -- C:\Windows\Mp3CutterJoiner.ini
[2010/07/04 17:27:45 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/05/23 02:40:29 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/05/23 02:40:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/05 19:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 18:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/04 00:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/05/27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/11/15 13:02:26 | 001,866,670 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/04/05 12:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll
[2007/07/31 22:39:28 | 000,012,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2005/09/12 22:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll
[2004/01/23 21:35:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll

========== LOP Check ==========

[2010/09/26 09:35:05 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\.minecraft
[2010/12/23 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\.purple
[2010/05/23 02:35:53 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\acccore
[2010/06/11 06:19:24 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\com.cldesktop.A457892AC9E286AFF16B1328DABF224A4C50065F.1
[2011/01/10 10:41:26 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\FrostWire
[2010/07/04 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\GetRightToGo
[2010/10/09 12:23:25 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\gtk-2.0
[2010/06/26 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\HandBrake
[2010/11/10 22:18:42 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\midori
[2010/12/30 23:47:05 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Notepad++
[2010/07/04 09:34:34 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\ooVoo Details
[2010/10/09 12:21:47 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\Participatory Culture Foundation
[2010/10/19 21:59:07 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\PCF-VLC
[2011/01/05 01:51:10 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\PrimoPDF
[2011/01/04 21:19:17 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\SystemRequirementsLab
[2010/11/28 16:22:48 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\TomTom
[2011/01/10 10:52:03 | 000,000,000 | ---D | M] -- C:\Users\Tag\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,023,128 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/01/10 13:32:25 | 000,021,518 | ---- | M] () -- C:\ComboFix.txt
[2011/01/10 14:13:00 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 02:29:31 | 000,000,348 | -H-- | M] () -- C:\IPH.PH
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/01/10 14:13:04 | 4294,037,504 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/23 01:57:27 | 000,000,221 | -HS- | M] () -- C:\Users\Tag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/10 13:18:55 | 004,151,804 | R--- | M] () -- C:\Users\Tag\Desktop\ComboFix.exe
[2011/01/10 09:11:10 | 008,310,726 | ---- | M] (FrostWire Team) -- C:\Users\Tag\Desktop\frostwire-4.21.3.windows.exe
[2011/01/10 06:49:34 | 000,080,384 | ---- | M] () -- C:\Users\Tag\Desktop\MBRCheck.exe
[2011/01/10 14:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tag\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/08 19:45:03 | 000,000,402 | -HS- | M] () -- C:\Users\Tag\Favorites\desktop.ini
[2010/08/17 20:01:06 | 000,003,073 | ---- | M] () -- C:\Users\Tag\Favorites\FriendFinder Messenger v4.1.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/25 06:52:59 | 000,000,424 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AUPowerManagement" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

 

[VvWolverinevV]

OTL Extras logfile created on: 1/10/2011 2:17:28 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Tag\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 193.79 Gb Free Space | 65.03% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 96.41 Gb Free Space | 20.70% Space Free | Partition Type: NTFS

Computer Name: TAG-PC | User Name: Tag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Tag\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40AF016-506C-43FB-A738-BD54FA8C1E86}" = Python 3.1.2 (64-bit)
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB26471F-EE71-49EB-BF42-65C08AD6C74F}" = MySQL Server 5.1
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-64)
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}" = FriendFinder Messenger v4.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"CurseClient" = Curse Client
"Digsby" = Digsby
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"FrostWire" = FrostWire 4.21.1
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Desktop" = Google Desktop
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"KatMouse" = KatMouse (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 2.20
"MyCamera" = Canon Utilities MyCamera
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenPandora" = OpenPandora 0.7.0.5
"PdaNet_is1" = PdaNet for Android 2.45
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 50130" = Mafia II
"SystemRequirementsLab" = System Requirements Lab
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TomTom HOME" = TomTom HOME 2.7.6.2056
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.9
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2011 11:02:28 PM | Computer Name = Tag-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10265

Error - 1/10/2011 8:15:23 AM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PEV.cfxxe, version: 0.0.0.0, time stamp:
0x4bd0e994 Faulting module name: PEV.cfxxe, version: 0.0.0.0, time stamp: 0x4bd0e994
Exception
code: 0xc0000417 Fault offset: 0x00082899 Faulting process id: 0xd50 Faulting application
start time: 0x01cbb0c00e09fd86 Faulting application path: C:\ComboFix\PEV.cfxxe Faulting
module path: C:\ComboFix\PEV.cfxxe Report Id: 4c4c7f18-1cb3-11e0-bfc0-001e8c3f7398

Error - 1/10/2011 8:17:15 AM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PEV.cfxxe, version: 0.0.0.0, time stamp:
0x4bd0e994 Faulting module name: PEV.cfxxe, version: 0.0.0.0, time stamp: 0x4bd0e994
Exception
code: 0xc0000417 Fault offset: 0x00082899 Faulting process id: 0x5b4 Faulting application
start time: 0x01cbb0c051094c74 Faulting application path: C:\ComboFix\PEV.cfxxe Faulting
module path: C:\ComboFix\PEV.cfxxe Report Id: 8ebcfb75-1cb3-11e0-bfc0-001e8c3f7398

Error - 1/10/2011 8:17:32 AM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PEV.cfxxe, version: 0.0.0.0, time stamp:
0x4bd0e994 Faulting module name: PEV.cfxxe, version: 0.0.0.0, time stamp: 0x4bd0e994
Exception
code: 0xc0000417 Fault offset: 0x00082899 Faulting process id: 0x112c Faulting application
start time: 0x01cbb0c05b781467 Faulting application path: C:\ComboFix\PEV.cfxxe Faulting
module path: C:\ComboFix\PEV.cfxxe Report Id: 99296208-1cb3-11e0-bfc0-001e8c3f7398

Error - 1/10/2011 8:17:38 AM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PEV.cfxxe, version: 0.0.0.0, time stamp:
0x4bd0e994 Faulting module name: PEV.cfxxe, version: 0.0.0.0, time stamp: 0x4bd0e994
Exception
code: 0xc0000417 Fault offset: 0x00082899 Faulting process id: 0x12e8 Faulting application
start time: 0x01cbb0c05f009f4f Faulting application path: C:\ComboFix\PEV.cfxxe Faulting
module path: C:\ComboFix\PEV.cfxxe Report Id: 9cb6afb1-1cb3-11e0-bfc0-001e8c3f7398

Error - 1/10/2011 2:23:19 PM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LVPrcSrv.exe, version: 12.0.1278.0, time
stamp: 0x49fa2945 Faulting module name: LVPrcSrv.exe, version: 12.0.1278.0, time
stamp: 0x49fa2945 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
process id: 0x320 Faulting application start time: 0x01cbb0e09b57130a Faulting application
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: b287fdaa-1ce6-11e0-b916-001e8c3f7398

Error - 1/10/2011 2:29:35 PM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PEV.cfxxe, version: 0.0.0.0, time stamp:
0x4bd0e994 Faulting module name: PEV.cfxxe, version: 0.0.0.0, time stamp: 0x4bd0e994
Exception
code: 0xc0000417 Fault offset: 0x00082899 Faulting process id: 0x524 Faulting application
start time: 0x01cbb0f454183216 Faulting application path: C:\ComboFix\PEV.cfxxe Faulting
module path: C:\ComboFix\PEV.cfxxe Report Id: 92bead73-1ce7-11e0-875b-001e8c3f7398

Error - 1/10/2011 2:29:53 PM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PEV.cfxxe, version: 0.0.0.0, time stamp:
0x4bd0e994 Faulting module name: PEV.cfxxe, version: 0.0.0.0, time stamp: 0x4bd0e994
Exception
code: 0xc0000417 Fault offset: 0x00082899 Faulting process id: 0x17c Faulting application
start time: 0x01cbb0f45f85ad47 Faulting application path: C:\ComboFix\PEV.cfxxe Faulting
module path: C:\ComboFix\PEV.cfxxe Report Id: 9d4c674a-1ce7-11e0-875b-001e8c3f7398

Error - 1/10/2011 2:30:09 PM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PEV.cfxxe, version: 0.0.0.0, time stamp:
0x4bd0e994 Faulting module name: PEV.cfxxe, version: 0.0.0.0, time stamp: 0x4bd0e994
Exception
code: 0xc0000417 Fault offset: 0x00082899 Faulting process id: 0x11f8 Faulting application
start time: 0x01cbb0f4691e3961 Faulting application path: C:\ComboFix\PEV.cfxxe Faulting
module path: C:\ComboFix\PEV.cfxxe Report Id: a6d449c3-1ce7-11e0-875b-001e8c3f7398

Error - 1/10/2011 2:30:11 PM | Computer Name = Tag-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PEV.cfxxe, version: 0.0.0.0, time stamp:
0x4bd0e994 Faulting module name: PEV.cfxxe, version: 0.0.0.0, time stamp: 0x4bd0e994
Exception
code: 0xc0000417 Fault offset: 0x00082899 Faulting process id: 0xf74 Faulting application
start time: 0x01cbb0f46a2ff7a1 Faulting application path: C:\ComboFix\PEV.cfxxe Faulting
module path: C:\ComboFix\PEV.cfxxe Report Id: a7e86963-1ce7-11e0-875b-001e8c3f7398

[ System Events ]
Error - 1/9/2011 6:09:17 AM | Computer Name = Tag-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 1/10/2011 7:57:58 AM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/10/2011 8:06:53 AM | Computer Name = Tag-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 1/10/2011 8:07:15 AM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/10/2011 2:18:28 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/10/2011 2:19:19 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/10/2011 2:23:21 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/10/2011 2:26:06 PM | Computer Name = Tag-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 1/10/2011 2:26:06 PM | Computer Name = Tag-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 1/10/2011 2:26:24 PM | Computer Name = Tag-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
  O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
  O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[VvWolverinevV]

Registry keys not found, File moves failed

Ugh, 3.5 hours seems excessive for a system scan on a quad-core machine


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tag
->Temp folder emptied: 39601 bytes
->Temporary Internet Files folder emptied: 7127480 bytes
->Java cache emptied: 2023 bytes
->FireFox cache emptied: 15179126 bytes
->Google Chrome cache emptied: 349316656 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 18733 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 240688 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 20902 bytes

Total Files Cleaned = 355.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Tag
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01102011_184112

Files\Folders moved on Reboot...
C:\Users\Tag\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


ESET (no threats found)

 

[Broni]

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

make sure, you have both boxes UN-checked AND (important!) click on Decline button

========================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[VvWolverinevV]

Windows has encountered a critical problem and will restart automatically

Thanks for your help, Broni. My computer seems fine, but then again, it seemed fine before I started this thread. My hacked WoW account was the only symptom.

Questions:

1. I take it you now believe my WoW account was hacked with the assistance of viruses; is that correct?
2. It's a little disconcerting that you have now declared my computer clean twice. Are you more certain of your declaration this time than the first?
3. Which viruses (other than those found by AntiVir in my Java cache) did I have?
4. Did I have any trojans (Do I need to change all of my passwords)?

Notes:

1. Just before OTL finished the fix, I received the OS error "Windows has encountered a critical problem and will restart automatically in one minute".
2. OTL is still showing file move failures.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tag
->Temp folder emptied: 93065 bytes
->Temporary Internet Files folder emptied: 5479442 bytes
->Java cache emptied: 2023 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 57546436 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 643 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 240688 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 45367846 bytes

Total Files Cleaned = 104.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Tag
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.20.1 log created on 01102011_231328

Files\Folders moved on Reboot...
C:\Users\Tag\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

 

[Broni]

Questions...
1. No, because nothing serious was found on your computer.
2. My first assessment was as good as the last one since....see #1
3. None. All we did, we just cleaned some garbage.

Notes...
1. It can always happen during cleaning process, since we're using tools, which are not toys.
2. None of those files are malicious (belong to Logitech product). Combofix and OTL attempt to clear certain temporary folders. Even, if they don't success, not a big deal.

...and lastly...

My computer seems fine, but then again, it seemed fine before I started this thread

Well, no surprise since nothing was there.

Good luck and stay safe

 

[VvWolverinevV]

Awesome! This is great news as changing all of my passwords would be a headache to say the least Thanks for the peace of mind :grinthumb

 

[Broni]

You're very welcome