
Solved TCP Open Ports - Rootkit

Discussion in 'Malware and Virus Removal Archive' started by lpdrummer, 2010/11/28.

  1. 2010/11/28
    lpdrummer


    I have been told by a technician at a computer store that the reason my computer hangs up randomly (see this thread) is because I have over 30 open TCP ports caused by a rootkit. I have been referred here from another part of the forum for help with the rootkit.


    Here are my logs:



    MBAM

    Database version: 5203

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/27/2010 10:44:23 PM
    mbam-log-2010-11-27 (22-44-23).txt

    Scan type: Quick scan
    Objects scanned: 152615
    Time elapsed: 1 hour(s), 8 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-27 21:32:51
    Windows 6.1.7600
    Running: t6yn40ex.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????????????e???11?t??????????????????????????????:???????????h?????5.0.15.0????????????????????????????????????????????n????????????????????9????:???????????h??????????????3???????????*??????????????????????.s???????????????????????????????????????????????????????????????????P??@%systemroot%\system32\srvsvc.dll,-102??????System?Pub??6-21-2006???6-21-2006???????????????? ???????????2??10????4?????????????????????????????????????????-4??????????????????????6-21-2006???????????????os??? ???????????????????????????????????????????????????????????????????e????4??????d??????????????el??????FE????????????N??????3????Df92??????????????????????.NT?l_????6??????E????????X?????????????????????????l_????f????????g??????????????????????:???????????h?????????????????????????????????????????????sb??????s???.NT????????????????????????d????????????????disk.inf??????????????????????????????????????????????????????6???????????h?????????????????????????????????????????????.NT???????X???????????h??????????????????????????????}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???T?????????????????????????????????/??????s???Microsoft???????????????????????s??????????????????e????????????????0????????????e???????z??????????????????4&11623ba7&0?????z?z?x???????3?????????????????????????????????????????????????????????????e??????X??n???????????????/???s???????t????.??X?????g?????????????????????????????????????????????????/??????s?????L??T????????????y??????????o????????????y????????? ????????????e??? ???????????????????????????8??????????????????? ???{??????????????????????????????????????????????2?????????47?????????????????? ???????????????????????????????????5398-158??????????????? ??X???t??????sa???????X???????e???T?ler?????????????????????t????intelide?4????????????????????????18?????????0???????????????????????????? ??????????????????????????????????????????????????????????????????n??????????????ACPI\ACPI0003?*ACPI0003??c??System???????????/??????s???WUDFRd???????????/???&???&???????,?????????e?????i?l?:??? 2??T???E?????rCa??? ???}???????????????????????????e????????????????X
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????????????:??machine.inf_amd64_neutral_9e6bb86c3b39a3e9??????????????????????NDIS Wrapper????@%systemroot%\system32\wkssvc.dll,-1004??????????????A??tJ??????????????????????????????????????????????????????????????@%systemroot%\system32\wkssvc.dll,-1003???????P????????????n?????????????????????????????????????????????s???C??sF???y??????????????system32\DRIVERS\nwifi.sys??????????????????????@%systemroot%\system32\wkssvc.dll,-1007?????????????????t?????????????????????????????????????????????????:????????????s?????????????1???????????P??????????Microsoft???????????@%systemroot%\system32\wkssvc.dll,-1005?????????????????????system32\DRIVERS\mrxsmb20.sys?????<?????????????????system32\DRIVERS\ndisuio.sys?????????????????????????????????????4??55??55???????????????????0??????AC??????????????t?????6???????????h?????????????????t?????$????????????e????@%SystemRoot%\system32\drivers\ndis.sys,-201????????????????????????NDIS Usermode I/O Protocol??????????????????t???????????????????????????????????????????t??????
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ?????:??machine.inf_amd64_neutral_9e6bb86c3b39a3e9??????????????????????NDIS Wrapper????@%systemroot%\system32\wkssvc.dll,-1004??????????????A??tJ??????????????????????????????????????????????????????????????@%systemroot%\system32\wkssvc.dll,-1003???????P????????????n?????????????????????????????????????????????s???C??sF???y??????????????system32\DRIVERS\nwifi.sys??????????????????????@%systemroot%\system32\wkssvc.dll,-1007?????????????????t?????????????????????????????????????????????????:????????????s?????????????1???????????P??????????Microsoft???????????@%systemroot%\system32\wkssvc.dll,-1005?????????????????????system32\DRIVERS\mrxsmb20.sys?????<?????????????????system32\DRIVERS\ndisuio.sys?????????????????????????????????????4??55??55???????????????????0??????AC??????????????t?????6???????????h?????????????????t?????$????????????e????@%SystemRoot%\system32\drivers\ndis.sys,-201????????????????????????NDIS Usermode I/O Protocol??????????????????t???????????????????????????????????????????t??????????????

    ---- EOF - GMER 1.0.15 ----


    MBR Check
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Acer, Inc.
    BIOS Manufacturer: Acer
    System Manufacturer: Acer, inc.
    System Product Name: Aspire 5920G
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 213):
    0x01E51000 \SystemRoot\system32\ntoskrnl.exe
    0x01E08000 \SystemRoot\system32\hal.dll
    0x01D44000 \SystemRoot\system32\kdcom.dll
    0x00C26000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C6A000 \SystemRoot\system32\PSHED.dll
    0x00C7E000 \SystemRoot\system32\CLFS.SYS
    0x00CDC000 \SystemRoot\system32\CI.dll
    0x00EB2000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F56000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F65000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FBC000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FC5000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00FCF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E33000 \SystemRoot\System32\drivers\partmgr.sys
    0x011AB000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x011DA000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x01000000 \SystemRoot\System32\drivers\volmgrx.sys
    0x0105C000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x01064000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x011EF000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00E48000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00E54000 \SystemRoot\System32\drivers\mountmgr.sys
    0x0128D000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x013A9000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x013B2000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x013DC000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01200000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0124C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01260000 \SystemRoot\system32\drivers\CBUFS.sys
    0x01416000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x00D9C000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015B9000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x016A2000 \SystemRoot\System32\Drivers\cng.sys
    0x01715000 \SystemRoot\System32\drivers\pcw.sys
    0x01726000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01864000 \SystemRoot\system32\drivers\ndis.sys
    0x01956000 \SystemRoot\system32\drivers\NETIO.SYS
    0x019B6000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01A00000 \SystemRoot\System32\drivers\tcpip.sys
    0x01800000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01730000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0184A000 \SystemRoot\System32\Drivers\spldr.sys
    0x0177C000 \SystemRoot\system32\DRIVERS\snapman.sys
    0x017C1000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01852000 \SystemRoot\System32\Drivers\mup.sys
    0x019E1000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x019EA000 \SystemRoot\system32\DRIVERS\disk.sys
    0x0163A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x0166A000 \SystemRoot\system32\drivers\bdisk.sys
    0x01CBC000 \SystemRoot\system32\DRIVERS\cbvd.sys
    0x01D36000 \SystemRoot\system32\DRIVERS\86534062.sys
    0x01D65000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01D8F000 \SystemRoot\system32\DRIVERS\8653406.sys
    0x01DEB000 \SystemRoot\System32\Drivers\Null.SYS
    0x01DF4000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01C00000 \SystemRoot\System32\drivers\vga.sys
    0x01C0E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01C33000 \SystemRoot\System32\drivers\watchdog.sys
    0x01C43000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01C4C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01C55000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01C5E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01C69000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01C7A000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01C98000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0262C000 \SystemRoot\system32\drivers\afd.sys
    0x026B6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x026FB000 \SystemRoot\system32\drivers\sbtis.sys
    0x02753000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x0275C000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02782000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02791000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x027AC000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x027C0000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x02EB2000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02F03000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02F0F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02F1A000 \SystemRoot\System32\drivers\discache.sys
    0x02F29000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02F47000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02F58000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x03206000 \SystemRoot\system32\DRIVERS\86534061.sys
    0x0372F000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03755000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04048000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x04B4F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03875000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03969000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x039AF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x03800000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03856000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x039BC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03A14000 \SystemRoot\system32\DRIVERS\netw5v64.sys
    0x03F4F000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
    0x03F97000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x03FD5000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x04B51000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
    0x039E0000 \SystemRoot\system32\DRIVERS\winbondcir.sys
    0x04BA8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03A00000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
    0x04BC6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0376B000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x03A0C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04BD5000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03867000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03A0E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x03FF5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04BE4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04016000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x0403A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x037C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x02F7A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02F95000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02FB6000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04BF4000 \SystemRoot\system32\DRIVERS\hamachi.sys
    0x03FFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02E43000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x04C58000 \SystemRoot\system32\DRIVERS\vdbus.sys
    0x04CF5000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04D07000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04D61000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0306C000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x031B3000 \SystemRoot\system32\drivers\portcls.sys
    0x03000000 \SystemRoot\system32\drivers\drmk.sys
    0x03022000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04D76000 \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
    0x04E3B000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
    0x052C5000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
    0x05390000 \SystemRoot\system32\drivers\modem.sys
    0x0539F000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x053B0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x053C9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x053D2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x053E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05021000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x051D7000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x051E8000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x05000000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x051F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05200000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x05215000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x05229000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x01074000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x05237000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x0524A000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05256000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00530000 \SystemRoot\System32\TSDDD.dll
    0x00730000 \SystemRoot\System32\cdd.dll
    0x05264000 \SystemRoot\system32\drivers\luafv.sys
    0x052A0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x04FAF000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05287000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04C00000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x053ED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x04FD0000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x07ABA000 \SystemRoot\system32\drivers\HTTP.sys
    0x07B82000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07BA0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x07BB8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x07A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x088D2000 \SystemRoot\system32\drivers\peauth.sys
    0x08978000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x08983000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x089B0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x08800000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08C5A000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08CF0000 \SystemRoot\System32\drivers\ipnat.sys
    0x08D90000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x76F90000 \Windows\System32\ntdll.dll
    0x48530000 \Windows\System32\smss.exe
    0xFF2B0000 \Windows\System32\apisetschema.dll
    0xFFF80000 \Windows\System32\autochk.exe
    0xFF1C0000 \Windows\System32\oleaut32.dll
    0xFF170000 \Windows\System32\Wldap32.dll
    0xFF040000 \Windows\System32\wininet.dll
    0xFF020000 \Windows\System32\sechost.dll
    0xFEE10000 \Windows\System32\ole32.dll
    0xFEC30000 \Windows\System32\setupapi.dll
    0xFEC20000 \Windows\System32\lpk.dll
    0xFEAF0000 \Windows\System32\rpcrt4.dll
    0xFEA50000 \Windows\System32\clbcatq.dll
    0xFE980000 \Windows\System32\usp10.dll
    0xFE800000 \Windows\System32\urlmon.dll
    0xFE7B0000 \Windows\System32\ws2_32.dll
    0x76E90000 \Windows\System32\user32.dll
    0xFE790000 \Windows\System32\imagehlp.dll
    0xFE710000 \Windows\System32\shlwapi.dll
    0x76D70000 \Windows\System32\kernel32.dll
    0xFE670000 \Windows\System32\msvcrt.dll
    0x77160000 \Windows\System32\psapi.dll
    0x77150000 \Windows\System32\normaliz.dll
    0xFE410000 \Windows\System32\iertutil.dll
    0xFE300000 \Windows\System32\msctf.dll
    0xFE290000 \Windows\System32\gdi32.dll
    0xFE1B0000 \Windows\System32\advapi32.dll
    0xFE180000 \Windows\System32\imm32.dll
    0xFE170000 \Windows\System32\nsi.dll
    0xFE0D0000 \Windows\System32\comdlg32.dll
    0xFE050000 \Windows\System32\difxapi.dll
    0xFD2C0000 \Windows\System32\shell32.dll
    0xFD2A0000 \Windows\System32\devobj.dll
    0xFD130000 \Windows\System32\crypt32.dll
    0xFD0F0000 \Windows\System32\wintrust.dll
    0xFD050000 \Windows\System32\comctl32.dll
    0xFD010000 \Windows\System32\cfgmgr32.dll
    0xFCFA0000 \Windows\System32\KernelBase.dll
    0xFCF90000 \Windows\System32\msasn1.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    500 C:\Windows\System32\smss.exe
    632 csrss.exe
    692 C:\Windows\System32\wininit.exe
    708 csrss.exe
    744 C:\Windows\System32\services.exe
    760 C:\Windows\System32\lsass.exe
    768 C:\Windows\System32\lsm.exe
    864 C:\Windows\System32\winlogon.exe
    932 C:\Windows\System32\svchost.exe
    380 C:\Windows\System32\svchost.exe
    624 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\spoolsv.exe
    1548 C:\Windows\System32\svchost.exe
    1584 C:\Windows\System32\taskhost.exe
    1596 C:\Windows\System32\dwm.exe
    1628 C:\Windows\explorer.exe
    1776 C:\Windows\System32\svchost.exe
    1824 C:\Windows\System32\svchost.exe
    1912 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    2024 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    1276 C:\Windows\System32\svchost.exe
    1720 C:\Windows\System32\svchost.exe
    1992 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2576 C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    2948 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3048 C:\Windows\System32\alg.exe
    1760 C:\Windows\System32\SearchIndexer.exe
    2664 C:\Windows\System32\taskhost.exe
    3324 C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    3424 C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    3444 C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    3464 C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    3480 C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    3496 C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    3516 C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    3532 C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    4044 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3188 C:\Windows\System32\svchost.exe
    2288 dllhost.exe
    3928 C:\Windows\System32\svchost.exe
    3064 C:\Windows\System32\svchost.exe
    3372 C:\Windows\System32\audiodg.exe
    1336 C:\Windows\System32\SearchProtocolHost.exe
    2372 C:\Windows\System32\SearchFilterHost.exe
    1064 dllhost.exe
    1956 dllhost.exe
    2404 C:\Users\Alex\Desktop\MBRCheck.exe
    3772 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    DDS 1

    DDS (Ver_10-11-27.01) - NTFS_AMD64
    Run by Alex at 21:36:09.04 on Sat 11/27/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.923 [GMT -5:00]

    SP: Avanquest Fix-It *disabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Alex\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    ============= SERVICES / DRIVERS ===============

    R0 86534062;86534062 Boot Guard Driver;C:\Windows\System32\drivers\86534062.sys [2009-12-12 40464]
    R0 bdisk;COMODO Disk Raw Access Filter;C:\Windows\System32\drivers\bdisk.sys [2010-11-25 79064]
    R0 CBUfs;CBUfs;C:\Windows\System32\drivers\cbufs.sys [2010-11-25 141888]
    R0 cbvd;Comodo Encrypted Virtual Disk;C:\Windows\System32\drivers\CBVD.sys [2010-11-25 491552]
    R1 86534061;86534061;C:\Windows\System32\drivers\86534061.sys [2009-12-12 157712]
    R1 sbtis;sbtis;C:\Windows\System32\drivers\sbtis.sys [2009-11-2 82480]
    R1 setup_9.0.0.722_13.12.2009_06-36drv;setup_9.0.0.722_13.12.2009_06-36drv;C:\Windows\System32\drivers\8653406.sys [2009-12-12 352784]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-5-31 83120]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    R3 vdbus;Virtual Disk Bus Enumerator;C:\Windows\System32\drivers\vdbus.sys [2010-11-25 631096]
    R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2008-7-18 62000]
    S3 reparse;reparse;C:\Windows\System32\drivers\cbreparse.sys [2010-11-25 496184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
    S4 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-5-31 135336]
    S4 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-5-31 267944]
    S4 COSService.exe;Comodo Online Storage Service;C:\Program Files\COMODO\COMODO BackUp\COSService.exe [2010-11-25 670640]
    S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\Hamachi\hamachi-2.exe [2010-3-30 1823112]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SBAMSvc;Fix-It; "C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe" --> C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 SynchronizationService.exe;Comodo BackUp Service;C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe [2010-11-25 1558448]

    =============== Created Last 30 ================

    2010-11-27 18:50:23 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-27 04:46:53 -------- d-----w- C:\Program Files (x86)\ESET
    2010-11-26 18:10:17 -------- d-----w- C:\Program Files\COMODO
    2010-11-26 18:10:05 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2010-11-26 06:48:23 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{AB74F5A9-BB26-4D39-95E0-C6B61DC08A5A}\mpengine.dll
    2010-11-25 14:58:30 79064 ----a-w- C:\Windows\System32\drivers\bdisk.sys
    2010-11-25 14:58:24 141888 ----a-w- C:\Windows\System32\drivers\cbufs.sys
    2010-11-25 14:58:18 491552 ----a-w- C:\Windows\System32\drivers\CBVD.sys
    2010-11-25 14:58:12 631096 ----a-w- C:\Windows\System32\drivers\vdbus.sys
    2010-11-25 14:58:04 496184 ----a-w- C:\Windows\System32\drivers\cbreparse.sys
    2010-11-24 17:03:51 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-24 17:03:51 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-11-21 18:22:13 272992 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2010-11-21 17:57:34 -------- d-----w- C:\Program Files (x86)\SIW
    2010-11-20 02:05:56 -------- d-----w- C:\Users\Alex\AppData\Local\Apps
    2010-11-16 03:58:17 -------- d-----w- C:\Program Files\iTunes
    2010-11-16 03:58:17 -------- d-----w- C:\Program Files\iPod
    2010-11-16 03:58:17 -------- d-----w- C:\Program Files (x86)\iTunes

    ==================== Find3M ====================

    2010-11-23 17:27:01 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-10-21 21:45:42 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
    2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
    2010-09-28 20:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 20:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2010-09-15 08:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

    ============= FINISH: 21:37:22.03 ==============

    DDS 2
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/4/2010 9:29:36 PM
    System Uptime: 11/27/2010 9:08:19 PM (0 hours ago)

    Motherboard: Acer, Inc. | | Chapala
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 55.947 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01211025&REV_12\4&1549EFE7&0&4BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01211025&REV_12\4&1549EFE7&0&4BF0
    Service:

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01211025&REV_12\4&1549EFE7&0&4AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01211025&REV_12\4&1549EFE7&0&4AF0
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acer Crystal Eye
    Acer Crystal Eye webcam
    Acer Crystal Eye Webcam Video Class Camera
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    AIM 6
    Amazon MP3 Downloader 1.0.10
    Antares Autotune VST RTAS TDM v5.08
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Audacity 1.2.6
    Avanquest update
    Avira AntiVir Personal - Free Antivirus
    BitTorrent
    Convert VOB to AVI 1.7
    DNA
    eReg
    ESET Online Scanner v3
    Fix-It Utilities 9 Professional
    FL Studio 8
    FLV Player 2.0 (build 25)
    Google Chrome
    Hitachi Align Tool
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
    IL Download Manager
    Java Auto Updater
    Java(TM) 6 Update 22
    K-Lite Codec Pack 6.3.0 (Full)
    Launch Manager
    Lexicon Lambda ASIO (remove only)
    LogMeIn Hamachi
    Magic ISO Maker v5.5 (build 0276)
    Malwarebytes' Anti-Malware
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Web Authoring Component
    Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    Microsoft WSE 3.0 Runtime
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA PhysX
    PowerISO
    Project64 1.6
    Prototype(TM)
    QuickTime
    Realtek High Definition Audio Driver
    Reason Demo 4.0.1
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SIW version 2010.07.14
    Steam
    Steinberg Cubase LE 4
    SyncroSoft Emu (Remove only)
    Syncrosoft License Control
    Toxic Biohazard
    TuxGuitar 1.0
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    VLC media player 0.9.8a
    Windows Installer Clean Up
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    Windows Resource Kit Tools
    WinRAR archiver
    Worms Armageddon - New Edition

    ==== Event Viewer Messages From Past Week ========

    86534061 avipbb discache SCDEmu setup_9.0.0.722_13.12.2009_06-36drv spldr sptd Wanarpv6
    86534061 avipbb discache SCDEmu setup_9.0.0.722_13.12.2009_06-36drv spldr sptd Wanarpv6
    86534061 AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss sbtis SCDEmu setup_9.0.0.722_13.12.2009_06-36drv spldr sptd tdx Wanarpv6 WfpLwf
    86534061 AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss sbtis SCDEmu setup_9.0.0.722_13.12.2009_06-36drv spldr sptd tdx Wanarpv6 WfpLwf
    11/27/2010 9:36:30 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    11/27/2010 9:09:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    11/27/2010 9:08:47 PM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: This driver has been blocked from loading
    11/27/2010 9:08:47 PM, Error: Application Popup [875] - Driver sbapifs.sys has been blocked from loading.
    11/27/2010 9:08:22 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/27/2010 2:02:57 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    11/27/2010 1:46:27 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    11/27/2010 1:43:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    11/27/2010 1:42:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.
    11/27/2010 1:42:37 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/27/2010 1:42:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    11/27/2010 1:42:07 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/27/2010 1:41:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
    11/27/2010 1:40:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    11/26/2010 12:52:47 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    11/26/2010 12:50:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    11/25/2010 8:25:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
    11/25/2010 8:25:12 AM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/25/2010 11:36:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    11/25/2010 11:36:05 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/25/2010 11:16:48 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/25/2010 10:49:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/25/2010 10:47:40 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
    11/25/2010 10:44:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/25/2010 10:44:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/25/2010 10:44:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/25/2010 10:44:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/25/2010 10:44:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/25/2010 10:43:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/25/2010 10:43:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/25/2010 10:14:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    11/24/2010 3:22:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    11/24/2010 3:21:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
    11/24/2010 2:54:22 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    11/24/2010 12:43:03 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5BFF5A2A-32BB-4563-8229-B06382BC621E}. The master browser is stopping or an election is being forced.
    11/24/2010 11:57:09 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 66.158.226.74, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    11/24/2010 11:33:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
    11/24/2010 11:30:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
    11/23/2010 2:55:16 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5BFF5A2A-32BB-4563-8229-B06382BC621E}. The master browser is stopping or an election is being forced.
    11/23/2010 12:15:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    11/23/2010 12:15:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
    11/23/2010 12:15:24 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/23/2010 1:25:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira AntiVir Guard service to connect.
    11/23/2010 1:25:58 PM, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/23/2010 1:25:28 PM, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/22/2010 5:51:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    11/22/2010 5:50:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    11/22/2010 5:49:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.
    11/22/2010 4:39:55 PM, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/21/2010 12:52:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/21/2010 1:16:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/21/2010 1:16:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    11/20/2010 3:25:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8001892040, 0xfffff80001d40740). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112010-26254-01.
    11/20/2010 2:54:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    11/20/2010 2:53:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.

    ==== End Of File ===========================
     
  2. 2010/11/28
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
I see you have P2P software ( Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Rootkits are extremely rare on 64-bit systems. In fact, they started to appear only very recently.

    I have a question, regarding your AV program. I can see Avira installed, but not really running. What's the story there?
    I also can see some Comodo leftovers.

    So far, I don't see much there.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. 2010/11/28
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    I had to reinstall Avira, but now it is working again. I installed Comodo just a day or two ago, and just uninstalled it. I also removed BitTorrent; I didn't realize I still had it on my computer!

    Here is the first log the OTL scan gave me. A second log (Extras.txt) didn't open after the scan, nor did it save to where OTL is. EDIT: I just ran it a second time, and still no luck.

    OTL.txt
    OTL logfile created on: 11/28/2010 4:19:44 PM - Run 3
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Alex\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.29 Gb Total Space | 55.94 Gb Free Space | 40.16% Space Free | Partition Type: NTFS

    Computer Name: ALEX-LAPTOP | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/28 16:18:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2010/11/01 16:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/10/13 21:04:09 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/28 16:18:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/25 09:58:02 | 000,670,640 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO BackUp\COSService.exe -- (COSService.exe)
    SRV:64bit: - [2010/11/25 09:58:00 | 001,558,448 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe -- (SynchronizationService.exe)
    SRV:64bit: - [2010/05/06 04:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2010/11/04 09:53:13 | 000,267,944 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/11/04 09:53:13 | 000,135,336 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/05/13 14:04:09 | 000,395,048 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/03/30 10:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/03/31 16:06:22 | 000,161,048 | ---- | M] (Avanquest North America, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/25 09:58:30 | 000,079,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bdisk.sys -- (bdisk)
    DRV:64bit: - [2010/11/25 09:58:24 | 000,141,888 | ---- | M] (COMODO Security Solutions Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\cbufs.sys -- (CBUfs)
    DRV:64bit: - [2010/11/25 09:58:18 | 000,491,552 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CBVD.sys -- (cbvd)
    DRV:64bit: - [2010/11/25 09:58:12 | 000,631,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vdbus.sys -- (vdbus)
    DRV:64bit: - [2010/11/25 09:58:04 | 000,496,184 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cbreparse.sys -- (reparse)
    DRV:64bit: - [2010/11/23 12:27:01 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/11/21 13:22:13 | 000,272,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/10/22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\86534062.sys -- (86534062)
    DRV:64bit: - [2009/10/09 22:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\8653406.sys -- (setup_9.0.0.722_13.12.2009_06-36drv)
    DRV:64bit: - [2009/09/25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\86534061.sys -- (86534061)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
    DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
    DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
    DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/06 02:47:42 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2008/10/09 10:21:04 | 000,082,480 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (sbtis)
    DRV:64bit: - [2008/07/18 00:26:32 | 000,062,000 | ---- | M] (Sunbelt Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2007/12/06 17:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007/08/13 13:55:02 | 001,792,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2007/03/28 07:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
    DRV:64bit: - [2006/11/18 16:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV - [2007/08/13 13:54:22 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E BE 67 65 ED 8D CB 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2010/07/11 09:53:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/07/01 15:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/01 15:03:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/12/12 13:30:50 | 000,000,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\G\Shell - " " = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - " " = G:\AUTORUN.EXE -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/28 16:18:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2010/11/27 21:34:02 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.46.exe
    [2010/11/27 20:59:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\TFC.exe
    [2010/11/27 13:50:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/26 23:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/11/26 13:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2010/11/25 09:58:24 | 000,141,888 | ---- | C] (COMODO Security Solutions Inc.) -- C:\Windows\SysNative\drivers\cbufs.sys
    [2010/11/25 09:58:04 | 000,496,184 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cbreparse.sys
    [2010/11/21 13:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
    [2010/11/21 13:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
    [2010/11/21 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
    [2010/11/19 21:05:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Apps
    [2010/11/15 22:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/15 22:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/11/15 22:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/10/30 00:09:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2009/05/18 19:40:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/28 16:18:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2010/11/28 16:17:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/28 16:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201300541-1120052678-3394950442-1000UA.job
    [2010/11/28 12:40:53 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/28 12:40:53 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/28 12:33:35 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/11/28 12:33:13 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/27 22:12:45 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201300541-1120052678-3394950442-1000Core.job
    [2010/11/27 21:35:58 | 000,630,272 | ---- | M] () -- C:\Users\Alex\Desktop\dds.scr
    [2010/11/27 21:34:23 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.46.exe
    [2010/11/27 21:34:15 | 000,080,384 | ---- | M] () -- C:\Users\Alex\Desktop\MBRCheck.exe
    [2010/11/27 21:10:33 | 000,296,448 | ---- | M] () -- C:\Users\Alex\Desktop\t6yn40ex.exe
    [2010/11/27 20:59:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\TFC.exe
    [2010/11/27 18:53:10 | 052,603,624 | ---- | M] () -- C:\Users\Alex\Desktop\qrc49b9x.exe
    [2010/11/27 15:26:32 | 000,951,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/27 15:26:32 | 000,784,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/27 15:26:32 | 000,165,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/26 13:11:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vdbus_01009.Wdf
    [2010/11/25 09:58:30 | 000,079,064 | ---- | M] () -- C:\Windows\SysNative\drivers\bdisk.sys
    [2010/11/25 09:58:24 | 000,141,888 | ---- | M] (COMODO Security Solutions Inc.) -- C:\Windows\SysNative\drivers\cbufs.sys
    [2010/11/25 09:58:18 | 000,491,552 | ---- | M] () -- C:\Windows\SysNative\drivers\CBVD.sys
    [2010/11/25 09:58:12 | 000,631,096 | ---- | M] () -- C:\Windows\SysNative\drivers\vdbus.sys
    [2010/11/25 09:58:04 | 000,496,184 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cbreparse.sys
    [2010/11/24 14:22:18 | 000,012,391 | ---- | M] () -- C:\Users\Alex\Documents\Japanese Speech.docx
    [2010/11/23 15:28:28 | 002,176,051 | ---- | M] () -- C:\Users\Alex\Documents\Japanese Speech PPT.pptx
    [2010/11/23 12:27:01 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/11/20 03:25:11 | 350,022,723 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/17 00:17:54 | 000,011,156 | ---- | M] () -- C:\Users\Alex\Documents\Drummers as Musicians.docx
    [2010/11/08 20:44:37 | 000,007,598 | ---- | M] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
    [2010/10/31 21:12:13 | 000,086,023 | ---- | M] () -- C:\Users\Alex\Documents\Rebecca 18 Inside.docx
    [2010/10/30 10:36:35 | 000,017,175 | ---- | M] () -- C:\Users\Alex\Documents\Rebecca 18 Front.docx
    [2010/10/29 17:58:26 | 000,422,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2010/11/27 21:35:56 | 000,630,272 | ---- | C] () -- C:\Users\Alex\Desktop\dds.scr
    [2010/11/27 21:34:15 | 000,080,384 | ---- | C] () -- C:\Users\Alex\Desktop\MBRCheck.exe
    [2010/11/27 21:10:30 | 000,296,448 | ---- | C] () -- C:\Users\Alex\Desktop\t6yn40ex.exe
    [2010/11/27 18:50:03 | 052,603,624 | ---- | C] () -- C:\Users\Alex\Desktop\qrc49b9x.exe
    [2010/11/26 13:11:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vdbus_01009.Wdf
    [2010/11/25 09:58:30 | 000,079,064 | ---- | C] () -- C:\Windows\SysNative\drivers\bdisk.sys
    [2010/11/25 09:58:18 | 000,491,552 | ---- | C] () -- C:\Windows\SysNative\drivers\CBVD.sys
    [2010/11/25 09:58:12 | 000,631,096 | ---- | C] () -- C:\Windows\SysNative\drivers\vdbus.sys
    [2010/11/23 15:28:26 | 002,176,051 | ---- | C] () -- C:\Users\Alex\Documents\Japanese Speech PPT.pptx
    [2010/11/20 03:25:11 | 350,022,723 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/17 00:17:52 | 000,011,156 | ---- | C] () -- C:\Users\Alex\Documents\Drummers as Musicians.docx
    [2010/11/14 14:18:03 | 000,012,391 | ---- | C] () -- C:\Users\Alex\Documents\Japanese Speech.docx
    [2010/10/30 10:41:37 | 000,086,023 | ---- | C] () -- C:\Users\Alex\Documents\Rebecca 18 Inside.docx
    [2010/10/30 10:36:35 | 000,017,175 | ---- | C] () -- C:\Users\Alex\Documents\Rebecca 18 Front.docx
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/09/16 18:27:21 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/09/16 18:27:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/09/16 18:27:17 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/09/16 18:27:17 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/09/16 18:27:17 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/03/09 21:33:06 | 000,856,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/01/05 23:18:06 | 000,005,632 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/05 22:41:15 | 000,007,598 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
    [2010/01/04 21:29:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/08/17 21:48:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 18:22:06 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\WinSATAPI.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/05/18 19:41:00 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
    [2009/05/18 19:41:00 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
    [2009/05/18 19:40:59 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
    [2009/05/18 19:40:59 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
    [2009/05/18 19:40:59 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
    [2009/05/18 19:40:59 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2010/01/04 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\acccore
    [2010/01/04 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acoustica
    [2010/01/04 20:52:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
    [2010/01/04 20:52:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Antares
    [2010/01/04 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Avanquest
    [2010/01/04 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock
    [2010/01/04 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Braid
    [2009/03/06 02:59:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools
    [2010/01/04 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
    [2010/08/31 20:00:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Net
    [2010/01/04 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
    [2010/01/04 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DNA
    [2010/01/06 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
    [2010/10/21 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
    [2010/01/04 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Propellerhead Software
    [2010/01/04 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Steinberg
    [2010/10/03 11:12:22 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/01/04 22:38:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/11/28 12:33:13 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
    [2009/01/18 23:13:12 | 000,000,366 | -H-- | M] () -- C:\IPH.PH
    [2009/12/12 23:44:31 | 000,000,229 | ---- | M] () -- C:\JavaRa.log
    [2010/11/28 12:33:18 | 4294,967,295 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/17 22:30:25 | 000,000,221 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2010/01/04 21:32:11 | 000,000,221 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/27 21:34:23 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.46.exe
    [2010/11/27 21:34:15 | 000,080,384 | ---- | M] () -- C:\Users\Alex\Desktop\MBRCheck.exe
    [2010/11/28 16:18:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2010/11/27 18:53:10 | 052,603,624 | ---- | M] () -- C:\Users\Alex\Desktop\qrc49b9x.exe
    [2010/11/27 21:10:33 | 000,296,448 | ---- | M] () -- C:\Users\Alex\Desktop\t6yn40ex.exe
    [2010/11/27 20:59:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/08 10:39:41 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/28 12:33:35 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1063995

    < End of report >
     
    Last edited: 2010/11/28
  6. 2010/11/28
    broni

    broni Moderator Malware Analyst

  7. 2010/11/28
    lpdrummer

    lpdrummer Inactive Thread Starter

    Sorry about that. I reinstalled Avira and it works fine now.
     
  8. 2010/11/28
    broni

    broni Moderator Malware Analyst

    OK, give me fresh OTL log (same instructions and script as in my reply #3).
     
  9. 2010/11/28
    lpdrummer

    lpdrummer Inactive Thread Starter

    Avira was on and running, and now it has stopped and won't let me enable it again (option is greyed out). Here is a fresh log, but again, I think it's without Avira on.


    OTL logfile created on: 11/28/2010 7:20:19 PM - Run 4
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Alex\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.29 Gb Total Space | 55.38 Gb Free Space | 39.76% Space Free | Partition Type: NTFS

    Computer Name: ALEX-LAPTOP | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/28 16:18:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2010/11/01 16:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/10/13 21:04:09 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/28 16:18:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/06 04:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/05/13 14:04:09 | 000,395,048 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/03/30 10:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/03/31 16:06:22 | 000,161,048 | ---- | M] (Avanquest North America, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/21 13:22:13 | 000,272,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/08/02 16:10:08 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/10/22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\86534062.sys -- (86534062)
    DRV:64bit: - [2009/10/09 22:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\8653406.sys -- (setup_9.0.0.722_13.12.2009_06-36drv)
    DRV:64bit: - [2009/09/25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\86534061.sys -- (86534061)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
    DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
    DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
    DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/06 02:47:42 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2008/10/09 10:21:04 | 000,082,480 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (sbtis)
    DRV:64bit: - [2008/07/18 00:26:32 | 000,062,000 | ---- | M] (Sunbelt Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2007/12/06 17:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007/08/13 13:55:02 | 001,792,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2007/03/28 07:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
    DRV:64bit: - [2006/11/18 16:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV - [2007/08/13 13:54:22 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E BE 67 65 ED 8D CB 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2010/07/11 09:53:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/07/01 15:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/01 15:03:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/12/12 13:30:50 | 000,000,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\G\Shell - " " = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - " " = G:\AUTORUN.EXE -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/28 17:28:32 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Avira
    [2010/11/28 17:22:14 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/11/28 17:22:13 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/11/28 17:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/11/28 16:18:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2010/11/27 20:59:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\TFC.exe
    [2010/11/27 13:50:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/26 23:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/11/21 13:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
    [2010/11/21 13:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
    [2010/11/21 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
    [2010/11/19 21:05:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Apps
    [2010/11/15 22:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/15 22:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/11/15 22:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/10/30 00:09:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2009/05/18 19:40:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/28 19:30:18 | 025,068,856 | ---- | M] () -- C:\Users\Alex\Desktop\Zunechan (1).rar.crdownload
    [2010/11/28 19:09:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201300541-1120052678-3394950442-1000UA.job
    [2010/11/28 18:21:38 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/28 18:21:38 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/28 18:14:26 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/11/28 18:13:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/28 18:13:50 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/28 17:37:55 | 068,283,972 | ---- | M] () -- C:\Users\Alex\Desktop\Zunechan.rar.crdownload
    [2010/11/28 17:25:55 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/11/28 17:19:27 | 053,123,856 | ---- | M] () -- C:\Users\Alex\Desktop\avira_antivir_personal_en.exe
    [2010/11/28 16:18:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2010/11/27 22:12:45 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-201300541-1120052678-3394950442-1000Core.job
    [2010/11/27 21:35:58 | 000,630,272 | ---- | M] () -- C:\Users\Alex\Desktop\dds.scr
    [2010/11/27 21:34:15 | 000,080,384 | ---- | M] () -- C:\Users\Alex\Desktop\MBRCheck.exe
    [2010/11/27 21:10:33 | 000,296,448 | ---- | M] () -- C:\Users\Alex\Desktop\t6yn40ex.exe
    [2010/11/27 20:59:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\TFC.exe
    [2010/11/27 18:53:10 | 052,603,624 | ---- | M] () -- C:\Users\Alex\Desktop\qrc49b9x.exe
    [2010/11/27 15:26:32 | 000,951,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/27 15:26:32 | 000,784,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/27 15:26:32 | 000,165,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/26 13:11:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vdbus_01009.Wdf
    [2010/11/24 14:22:18 | 000,012,391 | ---- | M] () -- C:\Users\Alex\Documents\Japanese Speech.docx
    [2010/11/23 15:28:28 | 002,176,051 | ---- | M] () -- C:\Users\Alex\Documents\Japanese Speech PPT.pptx
    [2010/11/20 03:25:11 | 350,022,723 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/17 00:17:54 | 000,011,156 | ---- | M] () -- C:\Users\Alex\Documents\Drummers as Musicians.docx
    [2010/11/08 20:44:37 | 000,007,598 | ---- | M] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
    [2010/10/31 21:12:13 | 000,086,023 | ---- | M] () -- C:\Users\Alex\Documents\Rebecca 18 Inside.docx
    [2010/10/30 10:36:35 | 000,017,175 | ---- | M] () -- C:\Users\Alex\Documents\Rebecca 18 Front.docx

    ========== Files Created - No Company Name ==========

    [2010/11/28 19:23:47 | 003,130,808 | ---- | C] () -- C:\Users\Alex\Desktop\Zunechan (1).rar.crdownload
    [2010/11/28 17:37:55 | 068,283,972 | ---- | C] () -- C:\Users\Alex\Desktop\Zunechan.rar.crdownload
    [2010/11/28 17:16:24 | 053,123,856 | ---- | C] () -- C:\Users\Alex\Desktop\avira_antivir_personal_en.exe
    [2010/11/27 21:35:56 | 000,630,272 | ---- | C] () -- C:\Users\Alex\Desktop\dds.scr
    [2010/11/27 21:34:15 | 000,080,384 | ---- | C] () -- C:\Users\Alex\Desktop\MBRCheck.exe
    [2010/11/27 21:10:30 | 000,296,448 | ---- | C] () -- C:\Users\Alex\Desktop\t6yn40ex.exe
    [2010/11/27 18:50:03 | 052,603,624 | ---- | C] () -- C:\Users\Alex\Desktop\qrc49b9x.exe
    [2010/11/26 13:11:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vdbus_01009.Wdf
    [2010/11/23 15:28:26 | 002,176,051 | ---- | C] () -- C:\Users\Alex\Documents\Japanese Speech PPT.pptx
    [2010/11/20 03:25:11 | 350,022,723 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/17 00:17:52 | 000,011,156 | ---- | C] () -- C:\Users\Alex\Documents\Drummers as Musicians.docx
    [2010/11/14 14:18:03 | 000,012,391 | ---- | C] () -- C:\Users\Alex\Documents\Japanese Speech.docx
    [2010/10/30 10:41:37 | 000,086,023 | ---- | C] () -- C:\Users\Alex\Documents\Rebecca 18 Inside.docx
    [2010/10/30 10:36:35 | 000,017,175 | ---- | C] () -- C:\Users\Alex\Documents\Rebecca 18 Front.docx
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/09/16 18:27:21 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/09/16 18:27:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/09/16 18:27:17 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/09/16 18:27:17 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/09/16 18:27:17 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/03/09 21:33:06 | 000,856,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/01/05 23:18:06 | 000,005,632 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/05 22:41:15 | 000,007,598 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
    [2010/01/04 21:29:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/08/17 21:48:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 18:22:06 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\WinSATAPI.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/05/18 19:41:00 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
    [2009/05/18 19:41:00 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
    [2009/05/18 19:40:59 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
    [2009/05/18 19:40:59 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
    [2009/05/18 19:40:59 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
    [2009/05/18 19:40:59 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2010/01/04 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\acccore
    [2010/01/04 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acoustica
    [2010/01/04 20:52:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
    [2010/01/04 20:52:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Antares
    [2010/01/04 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Avanquest
    [2010/01/04 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bioshock
    [2010/01/04 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Braid
    [2009/03/06 02:59:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools
    [2010/01/04 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
    [2010/08/31 20:00:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Net
    [2010/01/04 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
    [2010/01/04 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DNA
    [2010/01/06 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
    [2010/10/21 16:50:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
    [2010/01/04 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Propellerhead Software
    [2010/01/04 20:54:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Steinberg
    [2010/10/03 11:12:22 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/01/04 22:38:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/11/28 18:13:50 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
    [2009/01/18 23:13:12 | 000,000,366 | -H-- | M] () -- C:\IPH.PH
    [2009/12/12 23:44:31 | 000,000,229 | ---- | M] () -- C:\JavaRa.log
    [2010/11/28 18:13:51 | 4294,967,295 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/17 22:30:25 | 000,000,221 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2010/01/04 21:32:11 | 000,000,221 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/28 17:19:27 | 053,123,856 | ---- | M] () -- C:\Users\Alex\Desktop\avira_antivir_personal_en.exe
    [2010/11/27 21:34:15 | 000,080,384 | ---- | M] () -- C:\Users\Alex\Desktop\MBRCheck.exe
    [2010/11/28 16:18:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2010/11/27 18:53:10 | 052,603,624 | ---- | M] () -- C:\Users\Alex\Desktop\qrc49b9x.exe
    [2010/11/27 21:10:33 | 000,296,448 | ---- | M] () -- C:\Users\Alex\Desktop\t6yn40ex.exe
    [2010/11/27 20:59:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/08 10:39:41 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/28 18:14:26 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1063995

    < End of report >
     
  10. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    I can also see some Kaspersky's leftovers. Please, run this tool to remove them: http://support.kasperskyamericas.com/knowledge-base-article/1464

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - [2009/10/22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\86534062.sys -- (86534062)
      DRV:64bit: - [2009/10/09 22:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\8653406.sys -- (setup_9.0.0.722_13.12.2009_06-36drv)
      DRV:64bit: - [2009/09/25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\86534061.sys -- (86534061)
      DRV:64bit: - [2008/10/09 10:21:04 | 000,082,480 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (sbtis)
      DRV:64bit: - [2008/07/18 00:26:32 | 000,062,000 | ---- | M] (Sunbelt Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
      O33 - MountPoints2\G\Shell - " " = AutoRun
      O33 - MountPoints2\G\Shell\AutoRun\command - " " = G:\AUTORUN.EXE -- File not found
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1063995
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Restart computer.
    If Avira still refuses to run, uninstall it again and try Avast: http://www.avast.com/eng/download-avast-home.html
     
  11. 2010/11/28
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Avira still won't enable; I am installing Avast now.

    Here is the log from the fix:


    All processes killed
    ========== OTL ==========
    Error: Unable to stop service 86534062!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\86534062 deleted successfully.
    C:\Windows\SysNative\drivers\86534062.sys moved successfully.
    Error: Unable to stop service setup_9.0.0.722_13.12.2009_06-36drv!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\setup_9.0.0.722_13.12.2009_06-36drv deleted successfully.
    File C:\Windows\SysNative\drivers\8653406.sys not found.
    Error: Unable to stop service 86534061!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\86534061 deleted successfully.
    C:\Windows\SysNative\drivers\86534061.sys moved successfully.
    Error: Unable to stop service sbtis!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbtis deleted successfully.
    C:\Windows\SysNative\drivers\sbtis.sys moved successfully.
    Service sbapifs stopped successfully!
    Service sbapifs deleted successfully!
    C:\Windows\SysNative\drivers\sbapifs.sys moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
    File G:\AUTORUN.EXE not found.
    ADS C:\ProgramData\TEMP:A1063995 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alex
    ->Temp folder emptied: 1334333 bytes
    ->Temporary Internet Files folder emptied: 82939 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 11458721 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 608 bytes

    User: All Users

    User: Classic .NET AppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3012 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 6871955 bytes

    Total Files Cleaned = 19.00 mb


    [EMPTYFLASH]

    User: Alex
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11282010_210857

    Files\Folders moved on Reboot...
    C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  12. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let me know about Avast....
     
  13. 2010/11/28
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    It's installed and updated; I'm running a quick scan now.
     
  14. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool beans :)

    When done, last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  15. 2010/11/29
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Here's the security check report:



    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````





    When I ran TFC, it just gave me a blue screen and my computer restarted. I tried it three separate times, but no luck. Also, ESET scanner didn't find anything.
     
  16. 2010/11/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Instead of TFC, try this...

    Download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    ============================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [image]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button

    ===========================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  17. 2010/11/30
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Here is my final OTL log:


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alex
    ->Temp folder emptied: 27045 bytes
    ->Temporary Internet Files folder emptied: 4701564 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 9872136 bytes
    ->Flash cache emptied: 842 bytes

    User: All Users

    User: Classic .NET AppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: Alex
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 11302010_000006

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...







    However, my computer is still hanging up. I still have 83 listening ports, and Avast has also brought my TCP connections close to 100. But at least now I know that it's not a rootkit or malware that is causing it!
     
  18. 2010/11/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please explain...
     
  19. 2010/11/30
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    At random times (no program or action seems to cause it, unless it's something in the background), the light that indicates that my processor is active just stays on constantly, and I can hear my hard drive spinning and making lots of noises and clicks. My computer freezes up completely or almost completely depending on the severity, but it happens several times a day, making the computer unusable for an indefinite amount of time.

    I originally thought the hard drive was bad and looked into buying a new one, but a technician at the computer store said that it was simply because I have so many TCP ports "listening" which is bogging down my computer. He also said it was most likely due to a rootkit infection, which is why I began posting in this forum.
     
  20. 2010/11/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line column is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Paste the content into your next reply.
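To tie the listening-port count raised in post 19 to the process list being requested here, an added PowerShell example (not from this thread, nor from Process Explorer or any other tool used in it) that maps each TCP listener to its owning process and command line. It assumes a Windows 7-era host, so it parses `netstat -ano` and queries WMI instead of relying on newer cmdlets; the function name and output fields are the example's own.

```powershell
# Added example, not part of this thread: list every TCP port in LISTENING
# state with the process that owns it and that process's command line, so
# each listener can be matched against the Process Explorer output.
# Uses netstat -ano and Win32_Process (both present on Windows 7).
# Run from an elevated prompt so service command lines are readable.

function Get-ListeningPortOwners {
    # One Win32_Process snapshot up front, keyed by PID for fast lookup.
    $byPid = @{}
    foreach ($p in Get-WmiObject -Class Win32_Process) {
        $byPid[[int]$p.ProcessId] = $p
    }

    # netstat -ano rows of interest look like:
    #   TCP    0.0.0.0:135    0.0.0.0:0    LISTENING    952
    #   TCP    [::]:135       [::]:0       LISTENING    952
    $rows = netstat -ano |
        Where-Object { $_ -match '^\s*TCP\s+\S+\s+\S+\s+LISTENING\s+\d+\s*$' }

    foreach ($row in $rows) {
        $f        = $row.Trim() -split '\s+'
        $local    = $f[1]
        $ownerPid = [int]$f[4]
        # The port is everything after the last ':' (also works for '[::]:135').
        $port     = [int]($local.Substring($local.LastIndexOf(':') + 1))
        $proc     = $byPid[$ownerPid]

        if ($proc) {
            $name = $proc.Name
            $cmd  = $proc.CommandLine   # $null when not elevated enough to read it
        } else {
            $name = '<exited>'          # PID disappeared between the two snapshots
            $cmd  = $null
        }

        # New-Object keeps this runnable on the PowerShell 2.0 shipped with Windows 7.
        New-Object PSObject -Property @{
            Port         = $port
            LocalAddress = $local
            PID          = $ownerPid
            Process      = $name
            CommandLine  = $cmd
        }
    }
}

$listeners = Get-ListeningPortOwners

# Full listing, sorted so one process's ports sit together.
$listeners | Sort-Object Process, Port |
    Format-Table Port, LocalAddress, PID, Process, CommandLine -AutoSize

# Per-process count: shows which programs account for a total like the
# "83 listening ports" quoted in the thread. The same port number appearing
# twice is normally one service's IPv4 and IPv6 sockets, not two services.
$listeners | Group-Object Process |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

A listener whose command line points outside the expected program directory, or whose PID shows as `<exited>` on every run, is the row worth comparing against the Process Explorer report.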
     
  21. 2010/11/30
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Here it is:





    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 67.18 0 K 24 K
    Interrupts n/a 0.77 0 K 0 K Hardware Interrupts
    DPCs n/a 0.77 0 K 0 K Deferred Procedure Calls
    System 4 0.77 116 K 1,428 K
    smss.exe 428 460 K 752 K
    csrss.exe 556 3,036 K 4,216 K
    wininit.exe 656 1,472 K 3,308 K
    services.exe 704 6,832 K 10,320 K
    svchost.exe 856 4,508 K 8,264 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    dllhost.exe 4328 2,452 K 5,940 K
    svchost.exe 952 5,828 K 9,236 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    svchost.exe 1000 24,932 K 26,592 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    audiodg.exe 3080 16,504 K 16,596 K
    svchost.exe 448 99,968 K 105,496 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    WUDFHost.exe 3132 1,976 K 5,084 K
    dwm.exe 1296 27,600 K 19,436 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe "
    svchost.exe 568 37,332 K 41,024 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    svchost.exe 1180 10,852 K 16,448 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    svchost.exe 1264 28,696 K 18,652 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    AvastSvc.exe 1376 30,292 K 58,660 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "
    taskhost.exe 1724 8,048 K 8,816 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe "
    spoolsv.exe 1784 9,336 K 9,856 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    svchost.exe 1812 17,556 K 20,112 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    svchost.exe 1904 3,944 K 5,564 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k apphost
    svchost.exe 1940 9,080 K 15,096 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    sqlservr.exe 2004 26.26 108,360 K 15,088 K SQL Server Windows NT - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
    sqlwriter.exe 1332 1,960 K 4,996 K SQL Server VSS Writer - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "
    svchost.exe 1544 4,904 K 6,728 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    svchost.exe 1564 6,264 K 5,620 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k iissvcs
    WLIDSVC.EXE 1768 4,284 K 9,788 K "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "
    WLIDSVCM.EXE 2216 1,164 K 2,176 K
    SearchIndexer.exe 436 46,664 K 33,156 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    alg.exe 3284 1,480 K 4,292 K Application Layer Gateway Service Microsoft Corporation C:\Windows\System32\alg.exe
    wmpnetwk.exe 3820 16,220 K 14,320 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe "
    svchost.exe 2848 11,652 K 14,056 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    svchost.exe 3216 66,488 K 6,808 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
    svchost.exe 3148 1,748 K 3,068 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k SDRSVC
    iPodService.exe 3724 2,888 K 7,288 K iPodService Module (64-bit) Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe "
    mDNSResponder.exe 2388 2,176 K 5,760 K Bonjour Service Apple Inc. "C:\Program Files (x86)\Bonjour\mDNSResponder.exe "
    sppsvc.exe 5116 2,940 K 9,240 K Microsoft Software Protection Platform Service Microsoft Corporation C:\Windows\system32\sppsvc.exe
    lsass.exe 732 7,076 K 11,256 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 740 2,512 K 3,676 K
    csrss.exe 672 1.54 2,488 K 16,664 K
    winlogon.exe 804 2,880 K 5,380 K
    explorer.exe 1500 52,548 K 68,476 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    chrome.exe 2340 35,012 K 54,224 K Google Chrome Google Inc. "C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe"
    chrome.exe 2704 17,176 K 24,404 K Google Chrome Google Inc. "C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2340.004C6D80.796107617 /prefetch:3 --ignored=" --type=renderer "
    chrome.exe 4884 9,404 K 16,084 K Google Chrome Google Inc. "C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2340.004C6C00.635769452 /prefetch:3 --ignored=" --type=renderer "
    chrome.exe 4988 16,072 K 23,340 K Google Chrome Google Inc. "C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-US --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2340.004C6A80.55187601 /prefetch:3 --ignored=" --type=renderer "
    chrome.exe 1036 9,424 K 16,164 K Google Chrome Google Inc. "C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-US --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2340.004C6900.648081099 /prefetch:3 --ignored=" --type=renderer "
    chrome.exe 2348 9,920 K 16,892 K Google Chrome Google Inc. "C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-US --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2340.004C6780.183864027 /prefetch:3 --ignored=" --type=renderer "
    chrome.exe 4352 9,476 K 16,168 K Google Chrome Google Inc. "C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-US --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2340.00545900.860427101 /prefetch:3 --ignored=" --type=renderer "
    chrome.exe 4372 30,504 K 41,636 K Google Chrome Google Inc. "C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2340.08894300.669649437 /prefetch:3
    SystemPropertiesPerformance.exe 4180 2,076 K 7,760 K
    procexp.exe 1048 1,912 K 6,176 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe"
    procexp64.exe 4660 2.32 20,960 K 38,280 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe"
    GoogleCrashHandler.exe 3424 1,612 K 1,336 K Google Installer Google Inc. "C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe" /crashhandler
    AvastUI.exe 3560 17,208 K 4,996 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    ctfmon.exe 3952 1,804 K 3,972 K CTF Loader Microsoft Corporation ctfmon.exe
     
