
Infected by unidentified virus



#1 declanomad
Member, 16 posts
My computer appears to have been infected by a friend installing a contaminated version of iTunes.

Symptoms:
- The computer crashed once while using Firefox.
- Windows reports COM Surrogate trying to make unauthorised changes. In the details a QuickTime file is referred to. This is still occurring.
- Windows Defender removed a fake PC Cleaner.
- Avast removed one file from the HP directory on a pre-startup scan. (Oops, I can't locate the log.)
- One time a message appeared in the LR corner of the screen saying that the copy of Windows is not genuine, which in fact it is.

I have followed the steps of the malware and spyware cleaning guide (TFC, ERUNT, Malwarebytes, GMER, OTL).

Can someone have a look and let me know what's going on?

Thanks, Declan.


Here are the logs.
The GMER log is attached because it made the post too long. It has hundreds of entries that reference Comodo.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4577

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

09/09/2010 2:22:49
mbam-log-2010-09-09 (02-22-49).txt

Scan type: Quick scan
Objects scanned: 147984
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




OTL logfile created on: 09/09/2010 15:03:54 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Declan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040A | Country: Spain | Language: ESP | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,41 Gb Total Space | 105,43 Gb Free Space | 47,19% Space Free | Partition Type: NTFS
Drive D: | 9,48 Gb Total Space | 1,64 Gb Free Space | 17,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DECLAN-PC
Current User Name: Declan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/09 15:01:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Declan\Desktop\OTL.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/26 18:42:57 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2008/04/26 01:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/04/15 22:42:14 | 000,939,264 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/09 15:01:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Declan\Desktop\OTL.exe
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
MOD - [2009/04/11 08:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msi.dll
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2008/01/21 04:24:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc_os.dll
MOD - [2006/11/02 11:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.dll
MOD - [2006/11/02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)
SRV - [2009/02/18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 21:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/15 16:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/06/15 16:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/06/04 11:55:40 | 000,224,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:06 | 000,075,944 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/06/01 19:00:06 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/03 20:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/07/17 12:37:22 | 000,097,936 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/14 04:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/01 01:14:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/06/19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/03 18:47:24 | 000,032,256 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\yuanmodbda2.sys -- (MODBDA2)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 09:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2001/04/13 19:18:24 | 000,188,276 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys -- (RVIEGVST)
DRV - [2001/04/13 19:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..keyword.URL: "http://es.search.yah...h?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/28 03:24:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/28 03:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/21 20:33:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 20:33:44 | 000,000,000 | ---D | M]

[2010/07/06 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Mozilla\Extensions
[2010/09/09 01:30:35 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions
[2010/08/19 00:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/10 11:26:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/21 21:18:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/21 11:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/07/06 11:04:42 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/06/26 09:47:12 | 000,003,996 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\drae.xml
[2010/06/26 09:47:12 | 000,000,751 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/06/26 09:47:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/06/26 09:47:12 | 000,001,102 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-es.xml

Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Mostrar u ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/25 21:30:58 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\Shell\AutoRun\command - "" = ino6.com
O33 - MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\Shell\explore\Command - "" = ino6.com
O33 - MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\Shell\open\Command - "" = ino6.com
O33 - MountPoints2\{05852251-964c-11df-9d63-001eec89d268}\Shell\AutoRun\command - "" = 12gn6id2.exe
O33 - MountPoints2\{05852251-964c-11df-9d63-001eec89d268}\Shell\open\Command - "" = 12gn6id2.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/09 15:08:07 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Hewlett-Packard
[2010/09/09 15:02:20 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Declan\Desktop\OTL.exe
[2010/09/09 03:54:55 | 000,000,000 | ---D | C] -- C:\Users\Declan\Desktop\virus
[2010/09/09 02:14:19 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Malwarebytes
[2010/09/09 02:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/29 13:02:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Karaoke
[2010/08/29 10:20:38 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010/08/29 10:20:38 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/08/29 10:20:37 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010/08/29 10:20:37 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010/08/29 10:20:37 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010/08/29 10:20:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ENU
[2010/08/29 10:19:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/08/29 10:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\HP DVB-T TV Tuner
[2010/08/28 16:53:55 | 000,000,000 | ---D | C] -- C:\Users\Declan\Desktop Toolbar
[2010/08/28 04:44:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/28 04:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/28 03:25:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/27 14:12:04 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\HP
[2010/08/27 14:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/08/27 13:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/08/27 13:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/08/27 13:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/08/27 13:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/08/27 13:13:48 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/27 13:13:37 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/27 13:13:34 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/27 13:13:32 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/27 13:13:30 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/27 13:12:40 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/08/27 13:12:39 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/27 13:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/27 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/27 12:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/08/27 12:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/08/27 12:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/08/21 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\dwhelper
[2010/08/21 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Apple Computer
[2010/08/21 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Apple Computer
[2010/08/21 20:36:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/21 20:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/21 20:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/21 20:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/21 20:32:40 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Apple
[2010/08/21 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Steinberg
[2010/08/21 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/08/21 16:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/08/21 16:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/08/20 19:19:38 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 07 Miles Davis
[2010/08/20 19:19:00 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 01 How To Play And Improvise Jazz
[2010/08/20 19:18:34 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 02 Nothin' But Blues
[2010/08/20 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 03 II V I Progression
[2010/08/20 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 04 Movin' On
[2010/08/20 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 05 Time To Play Music
[2010/08/20 19:16:50 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 06 Charlie Parker ''All Bird''
[2010/08/20 19:16:00 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Jamey Aebersold - Vol. 020 - Jimmy Raney
[2010/08/20 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\WinRAR
[2010/08/20 11:40:52 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Notepad Notes
[2010/08/19 00:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/08/19 00:58:08 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\NCH Swift Sound
[2010/08/19 00:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/08/19 00:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/08/18 21:44:43 | 000,000,000 | ---D | C] -- C:\Users\Declan\Cubase audio
[2010/08/18 21:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/08/17 16:00:38 | 000,000,000 | ---D | C] -- C:\Users\Declan\generator manuals
[2010/08/16 17:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/16 17:31:53 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\OpenCandy
[2010/08/16 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\OpenCandy
[2010/08/16 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/08/16 17:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/08/07 23:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Roland
[2010/08/07 23:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\PowerTracks DirectX Plugins
[2010/08/07 23:45:04 | 000,000,000 | ---D | C] -- C:\RealBand
[2010/08/07 23:43:11 | 000,000,000 | ---D | C] -- C:\bb
[2010/08/06 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\NeroVision
[2010/08/03 10:10:55 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\vlc
[2010/07/22 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Spotify
[2010/07/22 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Spotify
[2010/07/22 22:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/07/21 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Youcam
[2010/07/21 14:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ContentaConverter-PREMIUM
[2010/07/21 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Nero
[2010/07/21 09:57:34 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\CyberLink
[2010/07/21 09:16:17 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\REAPER Media
[2010/07/19 16:59:47 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Nero
[2010/07/19 16:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/07/19 15:05:06 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\skypePM
[2010/07/19 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Skype
[2010/07/19 15:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/19 15:03:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/07/19 15:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/07/19 11:50:52 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Ahead
[2010/07/19 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Nero
[2010/07/19 11:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/07/19 11:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/19 11:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/07/19 11:36:12 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\REAPER
[2010/07/16 18:28:24 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\power2go cd burn projects
[2010/07/16 18:03:17 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\CyberLink
[2010/07/09 17:27:12 | 000,000,000 | ---D | C] -- C:\Users\Declan\.thumbnails
[2010/07/09 01:53:33 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\dvdcss
[2010/07/08 20:00:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/07/08 20:00:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/07/08 20:00:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/07/08 19:31:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/07/06 16:53:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2010/07/06 16:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2010/07/06 11:36:46 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\gtk-2.0
[2010/07/06 11:32:53 | 000,000,000 | ---D | C] -- C:\Users\Declan\.gimp-2.6
[2010/07/06 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Declan\.gegl-0.0
[2010/07/06 11:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/07/06 11:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010/07/06 11:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/07/06 11:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/06 11:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/07/06 11:19:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/06 11:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/06 11:16:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/06 11:15:45 | 000,000,000 | ---D | C] -- C:\IUware Online
[2010/07/06 11:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\REAPER
[2010/07/06 11:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/07/06 11:06:15 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Foxit
[2010/07/06 11:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/07/06 10:58:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/06 10:47:23 | 000,000,000 | ---D | C] -- C:\Users\Declan\Desktop\RECENT ITEMS
[2010/07/06 10:37:44 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Adobe
[2010/07/06 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/06 10:24:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/06 10:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/07/06 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Seven Zip
[2010/07/06 10:20:23 | 000,000,000 | R--D | C] -- C:\Users\Declan\Programs
[2010/07/06 10:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010/07/06 10:15:04 | 012,021,852 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2010/07/06 10:15:04 | 003,567,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2010/07/06 10:15:04 | 000,536,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtmini1.exe
[2010/07/06 10:15:04 | 000,450,652 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2010/07/06 10:14:13 | 000,175,104 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010/07/06 10:13:56 | 000,914,432 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/07/06 10:13:56 | 000,483,840 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/07/06 10:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/07/06 10:13:18 | 000,000,000 | ---D | C] -- C:\Windows\JMCR_DIR
[2010/07/06 10:12:51 | 000,118,784 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/07/06 10:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/07/06 10:12:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\HPMDP
[2010/07/06 10:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2010/07/06 10:09:29 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/07/06 10:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/07/06 10:07:40 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2010/07/06 10:07:21 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010/07/06 10:04:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/06 10:00:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/06 09:50:32 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Mozilla
[2010/07/06 09:50:32 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Mozilla
[2010/07/06 09:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/06 03:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/07/06 02:15:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2010/07/06 02:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/06 02:02:43 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\QuickPlay
[2010/07/06 02:02:19 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Symantec
[2010/07/06 02:02:00 | 000,000,000 | R--D | C] -- C:\Users\Declan\Searches
[2010/07/06 02:01:40 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Identities
[2010/07/06 02:01:36 | 000,000,000 | R--D | C] -- C:\Users\Declan\Contacts
[2010/07/06 01:59:07 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Macromedia
[2010/07/06 01:56:01 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Adobe
[2010/07/06 01:55:49 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Hewlett-Packard
[2010/07/06 01:53:07 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\VirtualStore
[2010/07/06 01:53:05 | 000,000,000 | --SD | C] -- C:\Users\Declan\AppData\Roaming\Microsoft
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Videos
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Saved Games
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Pictures
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Music
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Links
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Favorites
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Downloads
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Documents
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Desktop
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\AppData\Local\Temporary Internet Files
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Templates
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Start Menu
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\SendTo
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Recent
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\PrintHood
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\NetHood
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Documents\My Videos
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Documents\My Pictures
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Documents\My Music
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\My Documents
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Local Settings
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\AppData\Local\History
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Cookies
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Application Data
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\AppData\Local\Application Data
[2010/07/06 01:53:05 | 000,000,000 | -H-D | C] -- C:\Users\Declan\AppData
[2010/07/06 01:53:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Temp
[2010/07/06 01:53:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Microsoft
[2010/07/06 01:53:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Media Center Programs

========== Files - Modified Within 90 Days ==========

[2010/09/09 15:06:53 | 002,097,152 | -HS- | M] () -- C:\Users\Declan\NTUSER.DAT
[2010/09/09 15:01:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Declan\Desktop\OTL.exe
[2010/09/09 14:56:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 14:56:40 | 000,303,670 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/09 14:56:40 | 000,303,670 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/09 14:56:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 14:56:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/09 12:35:04 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/09 12:35:04 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/09 12:35:04 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/09 12:29:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/09 12:29:29 | 2143,272,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 03:56:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/09 03:56:46 | 000,524,288 | -HS- | M] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/09 03:56:46 | 000,065,536 | -HS- | M] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/09 03:56:39 | 004,041,607 | -H-- | M] () -- C:\Users\Declan\AppData\Local\IconCache.db
[2010/09/09 00:54:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/07 23:39:56 | 000,003,395 | ---- | M] () -- C:\Users\Declan\.recently-used.xbel
[2010/09/07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/07 01:05:57 | 000,151,040 | ---- | M] () -- C:\Users\Declan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 13:13:18 | 000,010,820 | R--- | M] () -- C:\Users\Declan\Documents\Teoría de la literatura 2º ciclo.pdf
[2010/08/29 13:02:15 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010/08/29 13:01:44 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/08/29 10:56:57 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010/08/29 10:24:53 | 000,000,356 | ---- | M] () -- C:\Users\Declan\Desktop\Downloads - Shortcut (2).lnk
[2010/08/29 10:20:48 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010/08/29 10:20:37 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010/08/28 19:25:56 | 000,029,696 | ---- | M] () -- C:\Users\Declan\Documents\Shu Lailo Laleilo.doc
[2010/08/28 19:16:55 | 000,002,593 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/28 05:02:53 | 000,618,540 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2010/08/28 03:36:44 | 000,023,684 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/08/28 03:24:54 | 278,358,886 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/27 14:09:48 | 000,157,380 | ---- | M] () -- C:\Windows\hpoins27.dat
[2010/08/27 14:03:11 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 14:02:25 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk
[2010/08/27 14:00:19 | 000,001,932 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/27 13:59:07 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/08/25 21:10:25 | 000,034,816 | ---- | M] () -- C:\Users\Declan\Documents\MANOS III.doc
[2010/08/21 18:35:55 | 000,000,831 | ---- | M] () -- C:\Users\Declan\Desktop\Cubase SX.lnk
[2010/08/18 21:34:21 | 000,110,240 | ---- | M] () -- C:\Users\Declan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/18 21:33:17 | 000,396,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/07 23:45:17 | 000,000,558 | ---- | M] () -- C:\Users\Declan\Desktop\RealBand.lnk
[2010/08/07 23:45:17 | 000,000,479 | ---- | M] () -- C:\Users\Declan\Desktop\Band-in-a-Box.lnk
[2010/08/05 13:14:43 | 000,000,363 | ---- | M] () -- C:\Users\Declan\Desktop\Videos - Shortcut.lnk
[2010/08/03 10:10:39 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/28 14:05:36 | 000,001,748 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/28 11:57:00 | 000,040,448 | ---- | M] () -- C:\Users\Declan\Documents\Pedido teclado Thomann.doc
[2010/07/21 13:52:23 | 000,001,024 | ---- | M] () -- C:\Users\Declan\.rnd
[2010/07/19 11:50:29 | 000,002,510 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/07/16 18:29:28 | 000,010,299 | ---- | M] () -- C:\Users\Declan\Documents\Flamenco recop LATIDOS FUERTES.p2g
[2010/07/15 16:47:13 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/10 12:11:26 | 000,000,362 | ---- | M] () -- C:\Users\Declan\Desktop\Music - Shortcut.lnk
[2010/07/09 17:25:43 | 000,000,371 | ---- | M] () -- C:\Users\Declan\Desktop\Pictures - Shortcut.lnk
[2010/07/08 20:38:55 | 000,272,595 | ---- | M] () -- C:\Users\Declan\Documents\iroda soldering kit manual.pdf
[2010/07/08 19:53:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2010/07/07 13:27:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/07 13:19:31 | 000,001,699 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2010/07/06 23:26:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/07/06 11:32:36 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/07/06 11:24:24 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/07/06 11:07:53 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\REAPER.lnk
[2010/07/06 11:06:02 | 000,001,007 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/06 11:06:02 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/07/06 11:02:08 | 000,000,858 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\WinRAR - Shortcut.lnk
[2010/07/06 10:42:27 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/07/06 10:21:26 | 000,000,372 | ---- | M] () -- C:\Users\Declan\Desktop\Documents - Shortcut.lnk
[2010/07/06 10:21:16 | 000,000,447 | ---- | M] () -- C:\Users\Declan\Desktop\Programs - Shortcut.lnk
[2010/07/06 10:13:32 | 000,000,125 | ---- | M] () -- C:\Windows\xUninstall.bat
[2010/07/06 10:12:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/07/06 07:19:24 | 000,000,256 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/06 02:27:45 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2010/07/06 02:24:46 | 000,524,288 | -HS- | M] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/07/06 02:01:24 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2010/07/06 01:53:59 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND8331P02_E464624-033_4A_I30F8_SCompal_V99.87_F.24_T081125_WV3-1_L409_M2046_J250_7Intel_8676_92.00_#100706_N10EC8168;80864237_(FM193EA#ABU)_XMOBILE_CN10_Z_2F.24.MRK
[2010/07/06 01:53:05 | 000,000,020 | -HS- | M] () -- C:\Users\Declan\ntuser.ini

========== Files Created - No Company Name ==========

[2010/09/07 23:39:56 | 000,003,395 | ---- | C] () -- C:\Users\Declan\.recently-used.xbel
[2010/08/31 13:13:20 | 000,010,820 | R--- | C] () -- C:\Users\Declan\Documents\Teoría de la literatura 2º ciclo.pdf
[2010/08/29 10:24:53 | 000,000,356 | ---- | C] () -- C:\Users\Declan\Desktop\Downloads - Shortcut (2).lnk
[2010/08/28 19:25:55 | 000,029,696 | ---- | C] () -- C:\Users\Declan\Documents\Shu Lailo Laleilo.doc
[2010/08/28 03:35:39 | 000,023,684 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/28 03:29:44 | 000,000,000 | ---- | C] () -- C:\Users\Declan\AppData\Local\FnF4.txt
[2010/08/28 03:24:54 | 278,358,886 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/27 14:02:25 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk
[2010/08/27 14:00:19 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/27 13:59:07 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/08/27 13:52:30 | 000,157,380 | ---- | C] () -- C:\Windows\hpoins27.dat
[2010/08/27 13:52:30 | 000,001,181 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/08/27 13:52:30 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2010/08/25 14:04:47 | 000,034,816 | ---- | C] () -- C:\Users\Declan\Documents\MANOS III.doc
[2010/08/21 18:35:55 | 000,000,831 | ---- | C] () -- C:\Users\Declan\Desktop\Cubase SX.lnk
[2010/08/20 16:07:53 | 000,000,133 | ---- | C] () -- C:\Users\Declan\Documents\The Musicians Library.url
[2010/08/20 16:07:50 | 032,224,469 | ---- | C] () -- C:\Users\Declan\Documents\Horace Silver - The Art Of Small Combo Jazz Playing, Composing & Arranging(36pp).pdf
[2010/08/20 15:20:48 | 007,599,240 | ---- | C] () -- C:\Users\Declan\Documents\BEYER ESCOLA PREPARATORIA PIANO.pdf
[2010/08/07 23:45:17 | 000,153,064 | ---- | C] () -- C:\Windows\System32\Pgchords.ttf
[2010/08/07 23:45:17 | 000,059,004 | ---- | C] () -- C:\Windows\System32\Pgtextj_.ttf
[2010/08/07 23:45:17 | 000,059,004 | ---- | C] () -- C:\Windows\System\Pgtextj_.ttf
[2010/08/07 23:45:17 | 000,051,864 | ---- | C] () -- C:\Windows\System32\Pgtextje.ttf
[2010/08/07 23:45:17 | 000,051,864 | ---- | C] () -- C:\Windows\System\Pgtextje.ttf
[2010/08/07 23:45:17 | 000,049,896 | ---- | C] () -- C:\Windows\System32\Pgtext.ttf
[2010/08/07 23:45:17 | 000,048,072 | ---- | C] () -- C:\Windows\System32\Pgjazz__.ttf
[2010/08/07 23:45:17 | 000,047,252 | ---- | C] () -- C:\Windows\System32\pgmus.ttf
[2010/08/07 23:45:17 | 000,000,558 | ---- | C] () -- C:\Users\Declan\Desktop\RealBand.lnk
[2010/08/07 23:45:17 | 000,000,479 | ---- | C] () -- C:\Users\Declan\Desktop\Band-in-a-Box.lnk
[2010/08/07 23:45:16 | 000,153,064 | ---- | C] () -- C:\Windows\System\Pgchords.ttf
[2010/08/07 23:45:16 | 000,049,896 | ---- | C] () -- C:\Windows\System\Pgtext.ttf
[2010/08/07 23:45:16 | 000,048,072 | ---- | C] () -- C:\Windows\System\Pgjazz__.ttf
[2010/08/07 23:45:16 | 000,047,252 | ---- | C] () -- C:\Windows\System\pgmus.ttf
[2010/08/05 13:14:43 | 000,000,363 | ---- | C] () -- C:\Users\Declan\Desktop\Videos - Shortcut.lnk
[2010/08/03 10:10:39 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/28 14:05:36 | 000,001,748 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/28 11:56:59 | 000,040,448 | ---- | C] () -- C:\Users\Declan\Documents\Pedido teclado Thomann.doc
[2010/07/19 11:50:29 | 000,002,510 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/07/19 11:47:07 | 000,001,024 | ---- | C] () -- C:\Users\Declan\.rnd
[2010/07/16 18:29:28 | 000,010,299 | ---- | C] () -- C:\Users\Declan\Documents\Flamenco recop LATIDOS FUERTES.p2g
[2010/07/15 16:47:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/10 11:41:16 | 000,151,040 | ---- | C] () -- C:\Users\Declan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 17:25:43 | 000,000,371 | ---- | C] () -- C:\Users\Declan\Desktop\Pictures - Shortcut.lnk
[2010/07/08 20:38:53 | 000,272,595 | ---- | C] () -- C:\Users\Declan\Documents\iroda soldering kit manual.pdf
[2010/07/08 19:53:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2010/07/07 13:27:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/07 13:19:31 | 000,001,699 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2010/07/07 13:18:54 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/07/07 13:18:51 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/07/07 13:18:40 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/07/07 13:18:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/07 13:18:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/07 13:18:35 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/07/07 13:18:35 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/07/07 13:18:30 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/07/07 13:18:14 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/07/07 13:18:11 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/07/07 13:17:15 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/07/07 13:17:10 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/07/06 23:26:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/07/06 11:32:43 | 000,002,593 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/07/06 11:32:36 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/07/06 11:24:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/06 11:07:53 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\REAPER.lnk
[2010/07/06 11:06:02 | 000,001,007 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/06 11:06:02 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/07/06 11:02:08 | 000,000,858 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\WinRAR - Shortcut.lnk
[2010/07/06 10:24:01 | 000,000,256 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/06 10:21:32 | 000,000,362 | ---- | C] () -- C:\Users\Declan\Desktop\Music - Shortcut.lnk
[2010/07/06 10:21:26 | 000,000,372 | ---- | C] () -- C:\Users\Declan\Desktop\Documents - Shortcut.lnk
[2010/07/06 10:21:16 | 000,000,447 | ---- | C] () -- C:\Users\Declan\Desktop\Programs - Shortcut.lnk
[2010/07/06 10:18:10 | 000,303,670 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/06 10:17:42 | 000,303,670 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/06 10:15:05 | 000,015,222 | ---- | C] () -- C:\Windows\System32\nbspkrs.ico
[2010/07/06 10:15:05 | 000,003,774 | ---- | C] () -- C:\Windows\System32\bltinmic.ico
[2010/07/06 10:15:05 | 000,003,774 | ---- | C] () -- C:\Windows\System32\2hps.ico
[2010/07/06 10:13:32 | 000,000,125 | ---- | C] () -- C:\Windows\xUninstall.bat
[2010/07/06 10:13:18 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_xd.ico
[2010/07/06 10:13:18 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_ms.ico
[2010/07/06 10:13:18 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_mmc.ico
[2010/07/06 10:12:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/07/06 10:05:46 | 2143,272,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/06 04:43:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/06 04:43:37 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/07/06 03:56:53 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/07/06 02:50:30 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/07/06 02:02:37 | 000,000,000 | ---- | C] () -- C:\Users\Declan\AppData\Local\QSwitch.txt
[2010/07/06 02:02:37 | 000,000,000 | ---- | C] () -- C:\Users\Declan\AppData\Local\DSwitch.txt
[2010/07/06 02:02:37 | 000,000,000 | ---- | C] () -- C:\Users\Declan\AppData\Local\AtStart.txt
[2010/07/06 02:01:24 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2010/07/06 01:53:59 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND8331P02_E464624-033_4A_I30F8_SCompal_V99.87_F.24_T081125_WV3-1_L409_M2046_J250_7Intel_8676_92.00_#100706_N10EC8168;80864237_(FM193EA#ABU)_XMOBILE_CN10_Z_2F.24.MRK
[2010/07/06 01:53:05 | 002,097,152 | -HS- | C] () -- C:\Users\Declan\NTUSER.DAT
[2010/07/06 01:53:05 | 000,524,288 | -HS- | C] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/07/06 01:53:05 | 000,524,288 | -HS- | C] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/06 01:53:05 | 000,262,144 | -H-- | C] () -- C:\Users\Declan\ntuser.dat.LOG1
[2010/07/06 01:53:05 | 000,065,536 | -HS- | C] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/06 01:53:05 | 000,000,020 | -HS- | C] () -- C:\Users\Declan\ntuser.ini
[2010/07/06 01:53:05 | 000,000,000 | -H-- | C] () -- C:\Users\Declan\ntuser.dat.LOG2
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/07/06 11:06:15 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Foxit
[2010/09/07 23:39:56 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\gtk-2.0
[2010/08/19 00:58:08 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\NCH Swift Sound
[2010/08/16 17:31:49 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\OpenCandy
[2010/07/21 09:25:56 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\REAPER
[2010/09/01 17:35:25 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Spotify
[2010/08/21 21:25:58 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Steinberg
[2010/09/09 03:56:56 | 000,032,580 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2008/06/25 21:30:58 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/09 12:29:29 | 2143,272,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 12:29:28 | 2459,127,808 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 05:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2008/01/21 05:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2008/01/21 05:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-07 08:35:21
< End of report >

OTL Extras logfile created on: 09/09/2010 15:03:54 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Declan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040A | Country: Spain | Language: ESP | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,41 Gb Total Space | 105,43 Gb Free Space | 47,19% Space Free | Partition Type: NTFS
Drive D: | 9,48 Gb Total Space | 1,64 Gb Free Space | 17,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DECLAN-PC
Current User Name: Declan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10539A62-D5D8-4920-86E2-042BA72BD9EC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{17B54CA4-6113-4B20-8A75-7C7CC3E481B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{1E57CB5A-BABA-4FE7-A83B-F2416CD4851D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{254CFF87-318C-4E8C-8CE6-5DFA2C50621A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3CC48420-DFC4-47F8-81B9-CF45E624D802}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{619F92D5-3946-4BC0-B7C6-C1ABA25847E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{665CBDE8-9C86-4350-8264-A134F09444E8}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7B0C5D11-90DA-4C8C-9234-42E61736E960}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7CFB7D5B-47C8-4E21-9783-C466ED5DD0C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{92A944AF-6253-45C5-8B57-70CE8AEBFEA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{9A7B84CC-B7BB-4C06-8D79-7B1D73F33FCC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{9CE2CEC8-7C3B-4913-AEF2-D9BE04FDB194}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{CEF03202-88BC-43E0-B9AB-24BFBE1EEC0D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{CFFAF50C-5750-4211-9636-2BBB591C5353}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2151713-23C5-467D-8231-F1CEFE18BAB7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{DDAA58B6-CB69-4DB8-9DB8-2EE2D9FFA2D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{ED5AF323-1BC6-4D28-9DD9-AF55B4F4957B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{FFEB30E6-B7FD-48C6-8A88-3C623094767C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5FCCD531-1B38-4A94-924C-127F722F1034}" = Nero 8
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA22A6BB-10B5-4595-BD59-1AD4023C8536}" = Virtual Sound Canvas VST
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast5" = avast! Free Antivirus
"BB_is1" = RealTracks Set 7
"ContentaConverter-PREMIUM" = Contenta Converter PREMIUM
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"JDownloader" = JDownloader
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"REAPER" = REAPER
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Spotify" = Spotify
"Stamp" = Stamp ID3 Tag Editor
"Steinberg Cubase SX 1.01" = Steinberg Cubase SX 1.01
"VLC media player" = VLC media player 1.1.2
"WinGimp-2.0_is1" = GIMP 2.6.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/09/2010 19:05:09 | Computer Name = Declan-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module QuickTime.qts_unloaded, version 0.0.0.0, time stamp
0x4ba307c0, exception code 0xc0000005, fault offset 0x6001bb69, process id 0x1758,
application start time 0x01cb4e17f2f97480.

Error - 06/09/2010 19:05:29 | Computer Name = Declan-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module QuickTime.qts_unloaded, version 0.0.0.0, time stamp
0x4ba307c0, exception code 0xc0000005, fault offset 0x6001bb69, process id 0x11ec,
application start time 0x01cb4e17fed223b0.

Error - 06/09/2010 19:05:33 | Computer Name = Declan-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module QuickTime.qts_unloaded, version 0.0.0.0, time stamp
0x4ba307c0, exception code 0xc0000005, fault offset 0x6001bb69, process id 0xa08,
application start time 0x01cb4e18015b66a0.

Error - 06/09/2010 19:06:06 | Computer Name = Declan-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module QuickTime.qts_unloaded, version 0.0.0.0, time stamp
0x4ba307c0, exception code 0xc0000005, fault offset 0x6001bb69, process id 0x13c0,
application start time 0x01cb4e181036a770.

Error - 06/09/2010 19:06:10 | Computer Name = Declan-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module QuickTime.qts_unloaded, version 0.0.0.0, time stamp
0x4ba307c0, exception code 0xc0000005, fault offset 0x6001bb69, process id 0x858,
application start time 0x01cb4e1817142950.

Error - 07/09/2010 19:41:01 | Computer Name = Declan-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module QuickTime.cpl, version 7.66.73.0, time stamp 0x4ba30659,
exception code 0xc0000409, fault offset 0x0000a90a, process id 0x1c88, application
start time 0x01cb4ee61e021a50.

Error - 07/09/2010 19:47:36 | Computer Name = Declan-PC | Source = Application Error | ID = 1000
Description = Faulting application MsiExec.exe, version 4.5.6002.18005, time stamp
0x49e01c42, faulting module QuickTime.qts_unloaded, version 0.0.0.0, time stamp
0x4ba307c0, exception code 0xc0000005, fault offset 0x5ff2bb69, process id 0x119c,
application start time 0x01cb4ee70c267550.

Error - 08/09/2010 18:31:41 | Computer Name = Declan-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2010 19:10:14 | Computer Name = Declan-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2010 19:12:30 | Computer Name = Declan-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 20/07/2010 3:56:05 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 20/07/2010 20:10:36 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20/07/2010 20:11:54 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21/07/2010 7:03:34 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2010 7:03:42 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21/07/2010 7:27:03 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2010 7:28:33 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21/07/2010 14:05:15 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2010 14:06:48 | Computer Name = Declan-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 22/07/2010 3:58:57 | Computer Name = Declan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.193 for the Network Card with network
address 0016EAB9DD9C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Attached Files

  • Attached File  ark.txt   804.15KB


#2
RKinner (Malware Expert)

Copy the text in the code box by highlighting it and pressing Ctrl + C

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [hpqSRMon] File not found
O33 - MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\Shell\AutoRun\command - "" = ino6.com
O33 - MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\Shell\explore\Command - "" = ino6.com
O33 - MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\Shell\open\Command - "" = ino6.com
O33 - MountPoints2\{05852251-964c-11df-9d63-001eec89d268}\Shell\AutoRun\command - "" = 12gn6id2.exe
O33 - MountPoints2\{05852251-964c-11df-9d63-001eec89d268}\Shell\open\Command - "" = 12gn6id2.exe

:Files
C:\12gn6id2.exe
C:\windows\12gn6id2.exe
C:\windows\system32\12gn6id2.exe
C:\ino6.com
C:\windows\ino6.com
C:\windows\system32\ino6.com
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


XP
  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Double click on TDSSKiller.exe
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Ron

#3
declanomad (Member)
Hi Ron. THANKS FOR YOUR HELP!!

I have followed your instructions.

Another candidate for the source of the infection was an HP printer driver downloaded from the manufacturer. Is this plausible?
Previously three computers in the house were infected similarly after downloading and installing a Lexmark driver, from Lexmark. Can you explain this? How do I get the printers to work?
Curiously the recycle bin had been renamed to 'virus'.

Here are the logs, and also the log from the avast scan which I previously couldn't find, which reports Win32:KillApp
Found non-standard or infected MBR.

Cheers, Declan.

AVAST PRESTARTUP SCAN LOG

09/08/2010 10:05
Analizar todas las unidades locales

El archivo C:\HP\BIN\EndProcess.exe esta infectado por Win32:KillApp-W [PUP], Reparar: Error 42060 {El archivo no fue reparado.}, Eliminado
Número de carpetas analizadas: 24835
Número de archivos examinados: 1166624
Número de archivos infectados: 1



OTL FIX LOG

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0585224d-964c-11df-9d63-001eec89d268}\ not found.
File ino6.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0585224d-964c-11df-9d63-001eec89d268}\ not found.
File ino6.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0585224d-964c-11df-9d63-001eec89d268}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0585224d-964c-11df-9d63-001eec89d268}\ not found.
File ino6.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05852251-964c-11df-9d63-001eec89d268}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05852251-964c-11df-9d63-001eec89d268}\ not found.
File 12gn6id2.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05852251-964c-11df-9d63-001eec89d268}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05852251-964c-11df-9d63-001eec89d268}\ not found.
File 12gn6id2.exe not found.
========== FILES ==========
File\Folder C:\12gn6id2.exe not found.
File\Folder C:\windows\12gn6id2.exe not found.
File\Folder C:\windows\system32\12gn6id2.exe not found.
File\Folder C:\ino6.com not found.
File\Folder C:\windows\ino6.com not found.
File\Folder C:\windows\system32\ino6.com not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Declan
->Temp folder emptied: 2145195 bytes
->Temporary Internet Files folder emptied: 9246928 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88074442 bytes
->Flash cache emptied: 2368 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1256351 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 285923439 bytes

Total Files Cleaned = 369,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09122010_150638

Files\Folders moved on Reboot...
C:\Users\Declan\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...





OTL QUICK SCAN LOG

OTL logfile created on: 12/09/2010 15:19:54 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Declan\Desktop\hay virus
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040A | Country: Spain | Language: ESP | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,41 Gb Total Space | 104,63 Gb Free Space | 46,83% Space Free | Partition Type: NTFS
Drive D: | 9,48 Gb Total Space | 1,64 Gb Free Space | 17,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DECLAN-PC
Current User Name: Declan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/09 15:01:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Declan\Desktop\hay virus\OTL.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/26 01:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/09 15:01:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Declan\Desktop\hay virus\OTL.exe
MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
MOD - [2009/04/11 08:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msi.dll
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2008/01/21 04:24:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc_os.dll
MOD - [2006/11/02 11:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.dll
MOD - [2006/11/02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)
SRV - [2009/02/18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 21:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/15 16:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/06/15 16:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/06/04 11:55:40 | 000,224,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:06 | 000,075,944 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/06/01 19:00:06 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/03 20:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/07/17 12:37:22 | 000,097,936 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/14 04:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/01 01:14:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/06/19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/03 18:47:24 | 000,032,256 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\yuanmodbda2.sys -- (MODBDA2)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 09:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2001/04/13 19:18:24 | 000,188,276 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys -- (RVIEGVST)
DRV - [2001/04/13 19:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto | Running] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..keyword.URL: "http://es.search.yah...h?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/28 03:24:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/28 03:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/10 17:12:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/10 17:12:45 | 000,000,000 | ---D | M]

[2010/07/06 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Mozilla\Extensions
[2010/09/11 18:17:11 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions
[2010/08/19 00:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/10 11:26:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/21 21:18:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/21 11:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/07/06 11:04:42 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/06/26 09:47:12 | 000,003,996 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\drae.xml
[2010/06/26 09:47:12 | 000,000,751 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/06/26 09:47:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/06/26 09:47:12 | 000,001,102 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2010/09/12 15:06:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Mostrar u ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Declan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Declan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/25 21:30:58 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/12 15:06:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/12 14:41:52 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Template
[2010/09/10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Declan\Desktop\bea
[2010/09/09 15:08:07 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Hewlett-Packard
[2010/09/09 03:54:55 | 000,000,000 | ---D | C] -- C:\Users\Declan\Desktop\hay virus
[2010/09/09 02:14:19 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Malwarebytes
[2010/09/09 02:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/29 13:02:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Karaoke
[2010/08/29 10:20:38 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010/08/29 10:20:38 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/08/29 10:20:37 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010/08/29 10:20:37 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010/08/29 10:20:37 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010/08/29 10:20:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ENU
[2010/08/29 10:19:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/08/29 10:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\HP DVB-T TV Tuner
[2010/08/28 16:53:55 | 000,000,000 | ---D | C] -- C:\Users\Declan\Desktop Toolbar
[2010/08/28 04:44:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/28 04:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/28 03:25:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/27 14:12:04 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\HP
[2010/08/27 14:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/08/27 13:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/08/27 13:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/08/27 13:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/08/27 13:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/08/27 13:13:48 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/27 13:13:37 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/27 13:13:34 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/27 13:13:32 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/27 13:13:30 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/27 13:12:40 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/08/27 13:12:39 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/27 13:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/27 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/27 12:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/08/27 12:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/08/27 12:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/08/21 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\dwhelper
[2010/08/21 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Apple Computer
[2010/08/21 20:37:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Apple Computer
[2010/08/21 20:36:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/21 20:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/21 20:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/21 20:32:40 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Apple
[2010/08/21 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Steinberg
[2010/08/21 16:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/08/21 16:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/08/21 16:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/08/20 19:19:38 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 07 Miles Davis
[2010/08/20 19:19:00 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 01 How To Play And Improvise Jazz
[2010/08/20 19:18:34 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 02 Nothin' But Blues
[2010/08/20 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 03 II V I Progression
[2010/08/20 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 04 Movin' On
[2010/08/20 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 05 Time To Play Music
[2010/08/20 19:16:50 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Aebersold Vol 06 Charlie Parker ''All Bird''
[2010/08/20 19:16:00 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Jamey Aebersold - Vol. 020 - Jimmy Raney
[2010/08/20 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\WinRAR
[2010/08/20 11:40:52 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Notepad Notes
[2010/08/19 00:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/08/19 00:58:08 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\NCH Swift Sound
[2010/08/19 00:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/08/19 00:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/08/18 21:44:43 | 000,000,000 | ---D | C] -- C:\Users\Declan\Cubase audio
[2010/08/18 21:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/08/17 16:00:38 | 000,000,000 | ---D | C] -- C:\Users\Declan\generator manuals
[2010/08/16 17:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/16 17:31:53 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\OpenCandy
[2010/08/16 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\OpenCandy
[2010/08/16 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/08/16 17:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/08/07 23:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Roland
[2010/08/07 23:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\PowerTracks DirectX Plugins
[2010/08/07 23:45:04 | 000,000,000 | ---D | C] -- C:\RealBand
[2010/08/07 23:43:11 | 000,000,000 | ---D | C] -- C:\bb
[2010/08/06 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\NeroVision
[2010/08/03 10:10:55 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\vlc
[2010/07/22 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Spotify
[2010/07/22 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Spotify
[2010/07/22 22:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/07/21 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Youcam
[2010/07/21 14:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ContentaConverter-PREMIUM
[2010/07/21 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Nero
[2010/07/21 09:57:34 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\CyberLink
[2010/07/21 09:16:17 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\REAPER Media
[2010/07/19 16:59:47 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\Nero
[2010/07/19 16:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/07/19 15:05:06 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\skypePM
[2010/07/19 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Skype
[2010/07/19 15:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/19 15:03:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/07/19 15:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/07/19 11:50:52 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Ahead
[2010/07/19 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Nero
[2010/07/19 11:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/07/19 11:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/19 11:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/07/19 11:36:12 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\REAPER
[2010/07/16 18:28:24 | 000,000,000 | ---D | C] -- C:\Users\Declan\Documents\power2go cd burn projects
[2010/07/16 18:03:17 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\CyberLink
[2010/07/09 17:27:12 | 000,000,000 | ---D | C] -- C:\Users\Declan\.thumbnails
[2010/07/09 01:53:33 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\dvdcss
[2010/07/08 20:00:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/07/08 20:00:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/07/08 20:00:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/07/08 19:31:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/07/06 16:53:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2010/07/06 16:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2010/07/06 11:36:46 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\gtk-2.0
[2010/07/06 11:32:53 | 000,000,000 | ---D | C] -- C:\Users\Declan\.gimp-2.6
[2010/07/06 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Declan\.gegl-0.0
[2010/07/06 11:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/07/06 11:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010/07/06 11:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/07/06 11:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/06 11:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/07/06 11:19:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/06 11:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/06 11:16:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/06 11:15:45 | 000,000,000 | ---D | C] -- C:\IUware Online
[2010/07/06 11:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\REAPER
[2010/07/06 11:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/07/06 11:06:15 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Foxit
[2010/07/06 11:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/07/06 10:58:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/06 10:47:23 | 000,000,000 | ---D | C] -- C:\Users\Declan\Desktop\RECENT ITEMS
[2010/07/06 10:37:44 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Adobe
[2010/07/06 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/06 10:24:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/06 10:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/07/06 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Seven Zip
[2010/07/06 10:20:23 | 000,000,000 | R--D | C] -- C:\Users\Declan\Programs
[2010/07/06 10:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010/07/06 10:15:04 | 012,021,852 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2010/07/06 10:15:04 | 003,567,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2010/07/06 10:15:04 | 000,536,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtmini1.exe
[2010/07/06 10:15:04 | 000,450,652 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2010/07/06 10:14:13 | 000,175,104 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010/07/06 10:13:56 | 000,914,432 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/07/06 10:13:56 | 000,483,840 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/07/06 10:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/07/06 10:13:18 | 000,000,000 | ---D | C] -- C:\Windows\JMCR_DIR
[2010/07/06 10:12:51 | 000,118,784 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/07/06 10:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/07/06 10:12:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\HPMDP
[2010/07/06 10:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2010/07/06 10:09:29 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/07/06 10:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/07/06 10:07:40 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2010/07/06 10:07:21 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010/07/06 10:04:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/06 10:00:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/06 09:50:32 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Mozilla
[2010/07/06 09:50:32 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Mozilla
[2010/07/06 09:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/06 03:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/07/06 02:15:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2010/07/06 02:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/06 02:02:43 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\QuickPlay
[2010/07/06 02:02:19 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Symantec
[2010/07/06 02:02:00 | 000,000,000 | R--D | C] -- C:\Users\Declan\Searches
[2010/07/06 02:01:40 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Identities
[2010/07/06 02:01:36 | 000,000,000 | R--D | C] -- C:\Users\Declan\Contacts
[2010/07/06 01:59:07 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Macromedia
[2010/07/06 01:56:01 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Adobe
[2010/07/06 01:55:49 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Hewlett-Packard
[2010/07/06 01:53:07 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\VirtualStore
[2010/07/06 01:53:05 | 000,000,000 | --SD | C] -- C:\Users\Declan\AppData\Roaming\Microsoft
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Videos
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Saved Games
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Pictures
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Music
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Links
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Favorites
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Downloads
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Documents
[2010/07/06 01:53:05 | 000,000,000 | R--D | C] -- C:\Users\Declan\Desktop
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\AppData\Local\Temporary Internet Files
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Templates
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Start Menu
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\SendTo
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Recent
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\PrintHood
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\NetHood
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Documents\My Videos
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Documents\My Pictures
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Documents\My Music
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\My Documents
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Local Settings
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\AppData\Local\History
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Cookies
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\Application Data
[2010/07/06 01:53:05 | 000,000,000 | -HSD | C] -- C:\Users\Declan\AppData\Local\Application Data
[2010/07/06 01:53:05 | 000,000,000 | -H-D | C] -- C:\Users\Declan\AppData
[2010/07/06 01:53:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Temp
[2010/07/06 01:53:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Local\Microsoft
[2010/07/06 01:53:05 | 000,000,000 | ---D | C] -- C:\Users\Declan\AppData\Roaming\Media Center Programs

========== Files - Modified Within 90 Days ==========

[2010/09/12 15:19:58 | 002,097,152 | -HS- | M] () -- C:\Users\Declan\NTUSER.DAT
[2010/09/12 15:18:10 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/12 15:18:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/12 15:18:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/12 15:17:29 | 000,303,700 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/12 15:17:29 | 000,303,700 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/12 15:12:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/12 15:12:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 15:12:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 15:11:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/12 15:11:50 | 2145,341,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/12 15:10:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/12 15:10:24 | 000,524,288 | -HS- | M] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 15:10:24 | 000,065,536 | -HS- | M] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/12 15:06:41 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/09/12 14:53:30 | 000,002,593 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/09/12 14:42:24 | 000,000,108 | ---- | M] () -- C:\Users\Declan\AppData\Roaming\wklnhst.dat
[2010/09/12 14:34:58 | 000,077,824 | ---- | M] () -- C:\Users\Declan\Documents\Carpeta recursos.doc
[2010/09/10 23:58:03 | 000,151,552 | ---- | M] () -- C:\Users\Declan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 18:38:33 | 006,291,456 | -H-- | M] () -- C:\Users\Declan\AppData\Local\IconCache.db
[2010/09/09 00:54:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/07 23:39:56 | 000,003,395 | ---- | M] () -- C:\Users\Declan\.recently-used.xbel
[2010/09/07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/31 13:13:18 | 000,010,820 | R--- | M] () -- C:\Users\Declan\Documents\Teoría de la literatura 2º ciclo.pdf
[2010/08/29 13:02:15 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010/08/29 13:01:44 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/08/29 10:56:57 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010/08/29 10:24:53 | 000,000,356 | ---- | M] () -- C:\Users\Declan\Desktop\Downloads - Shortcut (2).lnk
[2010/08/29 10:20:48 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010/08/29 10:20:37 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010/08/28 19:25:56 | 000,029,696 | ---- | M] () -- C:\Users\Declan\Documents\Shu Lailo Laleilo.doc
[2010/08/28 05:02:53 | 000,618,540 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2010/08/28 03:36:44 | 000,023,684 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/08/28 03:24:54 | 278,358,886 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/27 14:09:48 | 000,157,380 | ---- | M] () -- C:\Windows\hpoins27.dat
[2010/08/27 14:03:11 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 14:02:25 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk
[2010/08/27 14:00:19 | 000,001,932 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/27 13:59:07 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/08/25 21:10:25 | 000,034,816 | ---- | M] () -- C:\Users\Declan\Documents\MANOS III.doc
[2010/08/21 18:35:55 | 000,000,831 | ---- | M] () -- C:\Users\Declan\Desktop\Cubase SX.lnk
[2010/08/18 21:34:21 | 000,110,240 | ---- | M] () -- C:\Users\Declan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/18 21:33:17 | 000,396,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/07 23:45:17 | 000,000,558 | ---- | M] () -- C:\Users\Declan\Desktop\RealBand.lnk
[2010/08/07 23:45:17 | 000,000,479 | ---- | M] () -- C:\Users\Declan\Desktop\Band-in-a-Box.lnk
[2010/08/05 13:14:43 | 000,000,363 | ---- | M] () -- C:\Users\Declan\Desktop\Videos - Shortcut.lnk
[2010/08/03 10:10:39 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/28 14:05:36 | 000,001,748 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/28 11:57:00 | 000,040,448 | ---- | M] () -- C:\Users\Declan\Documents\Pedido teclado Thomann.doc
[2010/07/21 13:52:23 | 000,001,024 | ---- | M] () -- C:\Users\Declan\.rnd
[2010/07/19 11:50:29 | 000,002,510 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/07/16 18:29:28 | 000,010,299 | ---- | M] () -- C:\Users\Declan\Documents\Flamenco recop LATIDOS FUERTES.p2g
[2010/07/15 16:47:13 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/10 12:11:26 | 000,000,362 | ---- | M] () -- C:\Users\Declan\Desktop\Music - Shortcut.lnk
[2010/07/09 17:25:43 | 000,000,371 | ---- | M] () -- C:\Users\Declan\Desktop\Pictures - Shortcut.lnk
[2010/07/08 20:38:55 | 000,272,595 | ---- | M] () -- C:\Users\Declan\Documents\iroda soldering kit manual.pdf
[2010/07/08 19:53:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2010/07/07 13:27:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/07 13:19:31 | 000,001,699 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2010/07/06 23:26:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/07/06 11:32:36 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/07/06 11:24:24 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/07/06 11:07:53 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\REAPER.lnk
[2010/07/06 11:06:02 | 000,001,007 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/06 11:06:02 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/07/06 11:02:08 | 000,000,858 | ---- | M] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\WinRAR - Shortcut.lnk
[2010/07/06 10:42:27 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/07/06 10:21:26 | 000,000,372 | ---- | M] () -- C:\Users\Declan\Desktop\Documents - Shortcut.lnk
[2010/07/06 10:21:16 | 000,000,447 | ---- | M] () -- C:\Users\Declan\Desktop\Programs - Shortcut.lnk
[2010/07/06 10:13:32 | 000,000,125 | ---- | M] () -- C:\Windows\xUninstall.bat
[2010/07/06 10:12:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/07/06 07:19:24 | 000,000,256 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/06 02:27:45 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2010/07/06 02:24:46 | 000,524,288 | -HS- | M] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/07/06 02:01:24 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2010/07/06 01:53:59 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND8331P02_E464624-033_4A_I30F8_SCompal_V99.87_F.24_T081125_WV3-1_L409_M2046_J250_7Intel_8676_92.00_#100706_N10EC8168;80864237_(FM193EA#ABU)_XMOBILE_CN10_Z_2F.24.MRK
[2010/07/06 01:53:05 | 000,000,020 | -HS- | M] () -- C:\Users\Declan\ntuser.ini

========== Files Created - No Company Name ==========

[2010/09/12 14:41:51 | 000,000,108 | ---- | C] () -- C:\Users\Declan\AppData\Roaming\wklnhst.dat
[2010/09/12 14:40:25 | 000,077,824 | ---- | C] () -- C:\Users\Declan\Documents\Carpeta recursos.doc
[2010/09/07 23:39:56 | 000,003,395 | ---- | C] () -- C:\Users\Declan\.recently-used.xbel
[2010/08/31 13:13:20 | 000,010,820 | R--- | C] () -- C:\Users\Declan\Documents\Teoría de la literatura 2º ciclo.pdf
[2010/08/29 10:24:53 | 000,000,356 | ---- | C] () -- C:\Users\Declan\Desktop\Downloads - Shortcut (2).lnk
[2010/08/28 19:25:55 | 000,029,696 | ---- | C] () -- C:\Users\Declan\Documents\Shu Lailo Laleilo.doc
[2010/08/28 03:35:39 | 000,023,684 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/28 03:29:44 | 000,000,000 | ---- | C] () -- C:\Users\Declan\AppData\Local\FnF4.txt
[2010/08/28 03:24:54 | 278,358,886 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/27 14:02:25 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk
[2010/08/27 14:00:19 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/27 13:59:07 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/08/27 13:52:30 | 000,157,380 | ---- | C] () -- C:\Windows\hpoins27.dat
[2010/08/27 13:52:30 | 000,001,181 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/08/27 13:52:30 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2010/08/25 14:04:47 | 000,034,816 | ---- | C] () -- C:\Users\Declan\Documents\MANOS III.doc
[2010/08/21 18:35:55 | 000,000,831 | ---- | C] () -- C:\Users\Declan\Desktop\Cubase SX.lnk
[2010/08/20 16:07:53 | 000,000,133 | ---- | C] () -- C:\Users\Declan\Documents\The Musicians Library.url
[2010/08/20 16:07:50 | 032,224,469 | ---- | C] () -- C:\Users\Declan\Documents\Horace Silver - The Art Of Small Combo Jazz Playing, Composing & Arranging(36pp).pdf
[2010/08/20 15:20:48 | 007,599,240 | ---- | C] () -- C:\Users\Declan\Documents\BEYER ESCOLA PREPARATORIA PIANO.pdf
[2010/08/07 23:45:17 | 000,153,064 | ---- | C] () -- C:\Windows\System32\Pgchords.ttf
[2010/08/07 23:45:17 | 000,059,004 | ---- | C] () -- C:\Windows\System32\Pgtextj_.ttf
[2010/08/07 23:45:17 | 000,059,004 | ---- | C] () -- C:\Windows\System\Pgtextj_.ttf
[2010/08/07 23:45:17 | 000,051,864 | ---- | C] () -- C:\Windows\System32\Pgtextje.ttf
[2010/08/07 23:45:17 | 000,051,864 | ---- | C] () -- C:\Windows\System\Pgtextje.ttf
[2010/08/07 23:45:17 | 000,049,896 | ---- | C] () -- C:\Windows\System32\Pgtext.ttf
[2010/08/07 23:45:17 | 000,048,072 | ---- | C] () -- C:\Windows\System32\Pgjazz__.ttf
[2010/08/07 23:45:17 | 000,047,252 | ---- | C] () -- C:\Windows\System32\pgmus.ttf
[2010/08/07 23:45:17 | 000,000,558 | ---- | C] () -- C:\Users\Declan\Desktop\RealBand.lnk
[2010/08/07 23:45:17 | 000,000,479 | ---- | C] () -- C:\Users\Declan\Desktop\Band-in-a-Box.lnk
[2010/08/07 23:45:16 | 000,153,064 | ---- | C] () -- C:\Windows\System\Pgchords.ttf
[2010/08/07 23:45:16 | 000,049,896 | ---- | C] () -- C:\Windows\System\Pgtext.ttf
[2010/08/07 23:45:16 | 000,048,072 | ---- | C] () -- C:\Windows\System\Pgjazz__.ttf
[2010/08/07 23:45:16 | 000,047,252 | ---- | C] () -- C:\Windows\System\pgmus.ttf
[2010/08/05 13:14:43 | 000,000,363 | ---- | C] () -- C:\Users\Declan\Desktop\Videos - Shortcut.lnk
[2010/08/03 10:10:39 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/28 14:05:36 | 000,001,748 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/28 11:56:59 | 000,040,448 | ---- | C] () -- C:\Users\Declan\Documents\Pedido teclado Thomann.doc
[2010/07/19 11:50:29 | 000,002,510 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/07/19 11:47:07 | 000,001,024 | ---- | C] () -- C:\Users\Declan\.rnd
[2010/07/16 18:29:28 | 000,010,299 | ---- | C] () -- C:\Users\Declan\Documents\Flamenco recop LATIDOS FUERTES.p2g
[2010/07/15 16:47:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/10 11:41:16 | 000,151,552 | ---- | C] () -- C:\Users\Declan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 17:25:43 | 000,000,371 | ---- | C] () -- C:\Users\Declan\Desktop\Pictures - Shortcut.lnk
[2010/07/08 20:38:53 | 000,272,595 | ---- | C] () -- C:\Users\Declan\Documents\iroda soldering kit manual.pdf
[2010/07/08 19:53:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2010/07/07 13:27:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/07 13:19:31 | 000,001,699 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2010/07/07 13:18:54 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/07/07 13:18:51 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/07/07 13:18:40 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/07/07 13:18:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/07 13:18:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/07 13:18:35 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/07/07 13:18:35 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/07/07 13:18:30 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/07/07 13:18:14 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/07/07 13:18:11 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/07/07 13:17:15 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/07/07 13:17:10 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/07/06 23:26:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/07/06 11:32:43 | 000,002,593 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/07/06 11:32:36 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/07/06 11:24:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/06 11:07:53 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\REAPER.lnk
[2010/07/06 11:06:02 | 000,001,007 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/06 11:06:02 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/07/06 11:02:08 | 000,000,858 | ---- | C] () -- C:\Users\Declan\Application Data\Microsoft\Internet Explorer\Quick Launch\WinRAR - Shortcut.lnk
[2010/07/06 10:24:01 | 000,000,256 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2010/07/06 10:21:32 | 000,000,362 | ---- | C] () -- C:\Users\Declan\Desktop\Music - Shortcut.lnk
[2010/07/06 10:21:26 | 000,000,372 | ---- | C] () -- C:\Users\Declan\Desktop\Documents - Shortcut.lnk
[2010/07/06 10:21:16 | 000,000,447 | ---- | C] () -- C:\Users\Declan\Desktop\Programs - Shortcut.lnk
[2010/07/06 10:18:10 | 000,303,700 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/06 10:17:42 | 000,303,700 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/06 10:15:05 | 000,015,222 | ---- | C] () -- C:\Windows\System32\nbspkrs.ico
[2010/07/06 10:15:05 | 000,003,774 | ---- | C] () -- C:\Windows\System32\bltinmic.ico
[2010/07/06 10:15:05 | 000,003,774 | ---- | C] () -- C:\Windows\System32\2hps.ico
[2010/07/06 10:13:32 | 000,000,125 | ---- | C] () -- C:\Windows\xUninstall.bat
[2010/07/06 10:13:18 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_xd.ico
[2010/07/06 10:13:18 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_ms.ico
[2010/07/06 10:13:18 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_mmc.ico
[2010/07/06 10:12:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/07/06 10:05:46 | 2145,341,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/06 04:43:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/06 04:43:37 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/07/06 03:56:53 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/07/06 02:50:30 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/07/06 02:02:37 | 000,000,000 | ---- | C] () -- C:\Users\Declan\AppData\Local\QSwitch.txt
[2010/07/06 02:02:37 | 000,000,000 | ---- | C] () -- C:\Users\Declan\AppData\Local\DSwitch.txt
[2010/07/06 02:02:37 | 000,000,000 | ---- | C] () -- C:\Users\Declan\AppData\Local\AtStart.txt
[2010/07/06 02:01:24 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2010/07/06 01:53:59 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND8331P02_E464624-033_4A_I30F8_SCompal_V99.87_F.24_T081125_WV3-1_L409_M2046_J250_7Intel_8676_92.00_#100706_N10EC8168;80864237_(FM193EA#ABU)_XMOBILE_CN10_Z_2F.24.MRK
[2010/07/06 01:53:05 | 002,097,152 | -HS- | C] () -- C:\Users\Declan\NTUSER.DAT
[2010/07/06 01:53:05 | 000,524,288 | -HS- | C] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/07/06 01:53:05 | 000,524,288 | -HS- | C] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/06 01:53:05 | 000,262,144 | -H-- | C] () -- C:\Users\Declan\ntuser.dat.LOG1
[2010/07/06 01:53:05 | 000,065,536 | -HS- | C] () -- C:\Users\Declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/06 01:53:05 | 000,000,020 | -HS- | C] () -- C:\Users\Declan\ntuser.ini
[2010/07/06 01:53:05 | 000,000,000 | -H-- | C] () -- C:\Users\Declan\ntuser.dat.LOG2
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/07/06 11:06:15 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Foxit
[2010/09/07 23:39:56 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\gtk-2.0
[2010/08/19 00:58:08 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\NCH Swift Sound
[2010/08/16 17:31:49 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\OpenCandy
[2010/07/21 09:25:56 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\REAPER
[2010/09/12 02:09:00 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Spotify
[2010/08/21 21:25:58 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Steinberg
[2010/09/12 14:41:53 | 000,000,000 | ---D | M] -- C:\Users\Declan\AppData\Roaming\Template
[2010/09/12 15:10:35 | 000,032,580 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

ComboFix 10-09-13.02 - Declan 14/09/2010 23:50:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.1033.18.2045.1101 [GMT 2:00]
Running from: c:\users\Declan\Desktop\george.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-14 22:00 . 2010-09-14 22:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-09-14 22:00 . 2010-09-14 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-12 13:06 . 2010-09-12 13:06 -------- d-----w- C:\_OTL
2010-09-12 12:41 . 2010-09-12 12:41 -------- d-----w- c:\users\Declan\AppData\Roaming\Template
2010-09-09 13:08 . 2010-09-09 13:08 -------- d-----w- c:\users\Declan\AppData\Local\Hewlett-Packard
2010-09-09 00:14 . 2010-09-09 00:14 -------- d-----w- c:\users\Declan\AppData\Roaming\Malwarebytes
2010-09-09 00:14 . 2010-09-09 00:14 -------- d-----w- c:\programdata\Malwarebytes
2010-09-07 21:58 . 2010-09-07 23:43 -------- d-----w- c:\users\Guest\AppData\Roaming\vlc
2010-09-07 21:55 . 2010-09-07 21:55 110240 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 08:11 . 2010-08-29 09:05 -------- d-----w- c:\program files\HP DVB-T TV Tuner
2010-08-28 14:53 . 2010-08-29 08:24 -------- d-----w- c:\users\Declan\Desktop Toolbar
2010-08-28 02:44 . 2010-08-28 02:44 -------- d-----w- c:\program files\ERUNT
2010-08-28 01:35 . 2010-08-28 01:36 23684 ----a-w- c:\windows\hpqins15.dat
2010-08-27 12:12 . 2010-08-29 08:56 -------- d-----w- c:\users\Declan\AppData\Roaming\HP
2010-08-27 12:04 . 2010-08-27 12:04 -------- d-----w- c:\programdata\WEBREG
2010-08-27 11:58 . 2010-08-27 11:58 -------- d-----w- c:\programdata\HP Product Assistant
2010-08-27 11:57 . 2010-08-27 11:57 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-27 11:57 . 2010-08-27 11:57 -------- d-----w- c:\program files\Common Files\HP
2010-08-27 11:56 . 2007-10-20 16:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2010-08-27 11:54 . 2007-10-20 16:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
2010-08-27 11:52 . 2010-08-27 12:09 157380 ----a-w- c:\windows\hpoins27.dat
2010-08-27 11:52 . 2007-12-13 17:31 932 ------w- c:\windows\hpomdl27.dat
2010-08-27 11:44 . 2010-08-29 08:56 -------- d-----w- c:\programdata\HP
2010-08-27 11:44 . 2007-11-09 06:52 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-08-27 11:44 . 2007-10-31 00:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-08-27 11:44 . 2007-10-31 00:25 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-08-27 11:44 . 2007-10-31 00:11 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2010-08-27 11:44 . 2007-10-31 00:11 303104 ----a-w- c:\windows\system32\hpovst15.dll
2010-08-27 11:44 . 2007-10-31 00:11 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2010-08-27 11:13 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-27 11:13 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-27 11:13 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-27 11:13 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-27 11:13 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-27 11:12 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-08-27 11:12 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-27 11:12 . 2010-08-27 11:12 -------- d-----w- c:\programdata\Alwil Software
2010-08-27 11:12 . 2010-08-27 11:12 -------- d-----w- c:\program files\Alwil Software
2010-08-27 10:54 . 2010-08-27 10:55 -------- d-----w- c:\programdata\COMODO
2010-08-27 10:49 . 2010-08-27 10:49 -------- d-----w- c:\program files\COMODO
2010-08-27 10:46 . 2010-08-27 10:47 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-21 19:19 . 2010-08-21 19:23 -------- d-----w- c:\users\Declan\dwhelper
2010-08-21 18:37 . 2010-08-21 18:39 -------- d-----w- c:\users\Declan\AppData\Roaming\Apple Computer
2010-08-21 18:37 . 2010-08-21 18:37 -------- d-----w- c:\users\Declan\AppData\Local\Apple Computer
2010-08-21 18:36 . 2010-08-21 18:51 -------- dc----w- c:\windows\system32\DRVSTORE
2010-08-21 18:35 . 2010-08-21 18:36 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-21 18:33 . 2010-09-07 23:47 -------- d-----w- c:\programdata\Apple Computer
2010-08-21 18:32 . 2010-08-21 18:32 -------- d-----w- c:\users\Declan\AppData\Local\Apple
2010-08-21 16:45 . 2010-08-21 19:25 -------- d-----w- c:\users\Declan\AppData\Roaming\Steinberg
2010-08-21 14:35 . 2010-08-21 14:35 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-21 14:35 . 2010-08-28 01:25 -------- d-----w- c:\program files\McAfee
2010-08-21 14:35 . 2010-08-21 14:35 -------- d-----w- c:\programdata\McAfee
2010-08-18 22:59 . 2010-08-18 22:59 -------- d-----w- c:\programdata\NCH Swift Sound
2010-08-18 22:58 . 2010-08-18 22:58 -------- d-----w- c:\users\Declan\AppData\Roaming\NCH Swift Sound
2010-08-18 22:58 . 2010-08-18 22:58 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-18 22:32 . 2010-09-09 13:08 -------- d-----w- c:\program files\JDownloader
2010-08-18 19:44 . 2010-08-18 19:57 -------- d-----w- c:\users\Declan\Cubase audio
2010-08-18 19:27 . 2010-08-21 16:35 -------- d-----w- c:\program files\Steinberg
2010-08-17 14:00 . 2010-08-17 14:01 -------- d-----w- c:\users\Declan\generator manuals
2010-08-16 15:33 . 2010-08-16 15:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-16 15:31 . 2010-08-16 15:32 31553008 ----a-w- c:\users\Declan\AppData\Roaming\OpenCandy\OpenCandy_B60F9A577C454861BD6CF07487638A75\p2v1SnagitEN.exe
2010-08-16 15:31 . 2010-08-16 15:37 -------- d-----w- c:\users\Declan\AppData\Local\OpenCandy
2010-08-16 15:31 . 2010-08-16 15:31 331304 ----a-w- c:\users\Declan\AppData\Roaming\OpenCandy\OpenCandy_B60F9A577C454861BD6CF07487638A75\DLMgr_3_1.6.44.exe
2010-08-16 15:31 . 2010-08-16 15:31 -------- d-----w- c:\users\Declan\AppData\Roaming\OpenCandy
2010-08-16 15:31 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-08-16 15:31 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-08-16 15:29 . 2010-08-16 15:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-16 15:29 . 2010-08-21 09:50 -------- d-----w- c:\program files\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 21:43 . 2010-07-06 08:17 303700 ----a-w- c:\programdata\nvModes.dat
2010-09-14 06:58 . 2008-06-25 18:27 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-12 12:42 . 2010-09-12 12:41 108 ----a-w- c:\users\Declan\AppData\Roaming\wklnhst.dat
2010-09-12 00:09 . 2010-07-22 20:16 -------- d-----w- c:\users\Declan\AppData\Roaming\Spotify
2010-09-07 21:39 . 2010-07-06 09:36 -------- d-----w- c:\users\Declan\AppData\Roaming\gtk-2.0
2010-09-06 12:16 . 2010-07-06 09:07 -------- d-----w- c:\program files\REAPER
2010-09-04 00:12 . 2010-07-19 13:04 -------- d-----w- c:\users\Declan\AppData\Roaming\Skype
2010-09-03 22:05 . 2010-07-19 13:05 -------- d-----w- c:\users\Declan\AppData\Roaming\skypePM
2010-08-29 13:35 . 2010-08-03 08:10 -------- d-----w- c:\users\Declan\AppData\Roaming\vlc
2010-08-29 09:06 . 2010-07-06 08:23 -------- d-----w- c:\programdata\CyberLink
2010-08-29 08:20 . 2010-07-16 16:03 -------- d-----w- c:\users\Declan\AppData\Roaming\CyberLink
2010-08-27 11:56 . 2008-06-25 19:04 -------- d-----w- c:\programdata\Hewlett-Packard
2010-08-27 11:53 . 2008-06-25 18:55 -------- d-----w- c:\program files\HP
2010-08-27 10:39 . 2008-06-25 18:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-27 10:35 . 2008-06-25 18:40 -------- d-----w- c:\programdata\Symantec
2010-08-21 23:49 . 2010-07-08 23:53 -------- d-----w- c:\users\Declan\AppData\Roaming\dvdcss
2010-08-21 09:51 . 2010-07-19 13:03 -------- d-----r- c:\program files\Skype
2010-08-18 19:34 . 2010-07-06 00:02 110240 ----a-w- c:\users\Declan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-07 21:46 . 2010-08-07 21:46 -------- d-----w- c:\program files\Roland
2010-08-07 21:46 . 2008-06-25 18:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 21:45 . 2010-08-07 21:45 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
2010-07-26 18:47 . 2010-07-26 18:47 1201400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-22 20:16 . 2010-07-22 20:16 655360 ----a-w- c:\users\Declan\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-07-22 20:16 . 2010-07-22 20:16 282624 ----a-w- c:\users\Declan\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-07-22 20:16 . 2010-07-22 20:16 208896 ----a-w- c:\users\Declan\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-07-22 20:16 . 2010-07-22 20:16 -------- d-----w- c:\program files\Spotify
2010-07-21 12:02 . 2010-07-21 12:01 -------- d-----w- c:\program files\ContentaConverter-PREMIUM
2010-07-21 07:25 . 2010-07-19 09:36 -------- d-----w- c:\users\Declan\AppData\Roaming\REAPER
2010-07-19 14:42 . 2010-07-19 14:42 -------- d-----w- c:\programdata\LightScribe
2010-07-19 13:03 . 2010-07-19 13:03 -------- d-----w- c:\program files\Common Files\Skype
2010-07-19 13:03 . 2010-07-19 13:03 -------- d-----w- c:\programdata\Skype
2010-07-19 09:47 . 2010-07-19 09:47 -------- d-----w- c:\users\Declan\AppData\Roaming\Nero
2010-07-19 09:46 . 2010-07-19 09:44 -------- d-----w- c:\program files\Common Files\Nero
2010-07-19 09:44 . 2010-07-19 09:44 -------- d-----w- c:\programdata\Nero
2010-07-19 09:44 . 2010-07-19 09:44 -------- d-----w- c:\program files\Nero
2010-07-18 22:37 . 2010-07-18 22:37 31494960 ----a-w- c:\users\Declan\AppData\Roaming\OpenCandy\OpenCandy_B60F9A577C454861BD6CF07487638A75\snagit.exe
2010-07-15 14:47 . 2010-07-15 14:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-08 18:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-06 08:13 . 2010-07-06 08:13 125 ----a-w- c:\windows\xUninstall.bat
2010-07-06 00:27 . 2008-06-25 19:53 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-07-06 00:10 . 2010-07-06 00:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05 . 2010-08-11 22:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 22:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 22:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 22:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 22:15 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 22:15 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 22:14 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 22:14 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2008-06-30 11:44 . 2010-07-06 07:50 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-01-23 00:31 . 2010-07-06 08:55 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2008-06-25 17:18 . 2008-06-25 17:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
R3 MODBDA2;DiBcom MOD3000 TV Receiver;c:\windows\system32\Drivers\yuanmodbda2.sys [2007-04-03 32256]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2001-04-13 188276]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-17 97936]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {5D330FF0-27A9-4C88-8404-27F21641CBAF} = 156.154.70.22,156.154.71.22
TCP: {C31E535F-420E-4FEC-A116-D1E62657A1A1} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 00:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Declan\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(340)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2010-09-15 00:05:48
ComboFix-quarantined-files.txt 2010-09-14 22:05

Pre-Run: 112.643.178.496 bytes free
Post-Run: 112.581.644.288 bytes free

- - End Of File - - 0996AE796DCAF986A74F8DEF24B4A814
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 203):
0x81E03000 \SystemRoot\system32\ntkrnlpa.exe
0x821BC000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047A000 \SystemRoot\system32\PSHED.dll
0x8048B000 \SystemRoot\system32\BOOTVID.dll
0x80493000 \SystemRoot\system32\CLFS.SYS
0x804D4000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\system32\drivers\acpi.sys
0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EA000 \SystemRoot\system32\drivers\pci.sys
0x80711000 \SystemRoot\system32\drivers\isapnp.sys
0x80720000 \SystemRoot\system32\drivers\mpio.sys
0x8073C000 \SystemRoot\System32\drivers\partmgr.sys
0x8074B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8074E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80758000 \SystemRoot\system32\drivers\volmgr.sys
0x80767000 \SystemRoot\System32\drivers\volmgrx.sys
0x807B1000 \SystemRoot\system32\drivers\intelide.sys
0x807B8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807C6000 \SystemRoot\system32\drivers\pciide.sys
0x807CD000 \SystemRoot\system32\drivers\aliide.sys
0x807D4000 \SystemRoot\system32\drivers\amdide.sys
0x807DB000 \SystemRoot\system32\drivers\cmdide.sys
0x807E3000 \SystemRoot\System32\drivers\mountmgr.sys
0x805B4000 \SystemRoot\system32\drivers\msdsm.sys
0x805CE000 \SystemRoot\system32\drivers\nvraid.sys
0x88000000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88021000 \SystemRoot\system32\drivers\viaide.sys
0x88029000 \SystemRoot\system32\drivers\iastorv.sys
0x880CA000 \SystemRoot\system32\drivers\atapi.sys
0x880D2000 \SystemRoot\system32\drivers\ataport.SYS
0x880F0000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x8810A000 \SystemRoot\system32\drivers\storport.sys
0x8814B000 \SystemRoot\system32\drivers\nvstor.sys
0x88158000 \SystemRoot\system32\drivers\msahci.sys
0x88162000 \SystemRoot\system32\drivers\hpcisss.sys
0x8816D000 \SystemRoot\system32\drivers\adp94xx.sys
0x88205000 \SystemRoot\system32\drivers\adpahci.sys
0x88251000 \SystemRoot\system32\drivers\adpu160m.sys
0x8826C000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x88292000 \SystemRoot\system32\drivers\adpu320.sys
0x882B8000 \SystemRoot\system32\drivers\djsvs.sys
0x882CC000 \SystemRoot\system32\drivers\arc.sys
0x882E2000 \SystemRoot\system32\drivers\arcsas.sys
0x882F8000 \SystemRoot\system32\drivers\elxstor.sys
0x8838C000 \SystemRoot\system32\drivers\i2omp.sys
0x88396000 \SystemRoot\system32\drivers\iirsp.sys
0x883A6000 \SystemRoot\system32\drivers\iteatapi.sys
0x883B2000 \SystemRoot\system32\drivers\iteraid.sys
0x883BE000 \SystemRoot\system32\drivers\lsi_fc.sys
0x883D8000 \SystemRoot\system32\drivers\lsi_sas.sys
0x883F0000 \SystemRoot\system32\drivers\megasas.sys
0x88400000 \SystemRoot\system32\drivers\megasr.sys
0x884B7000 \SystemRoot\system32\drivers\mraid35x.sys
0x884C2000 \SystemRoot\system32\drivers\nfrd960.sys
0x88604000 \SystemRoot\system32\drivers\ql2300.sys
0x8873C000 \SystemRoot\system32\drivers\ql40xx.sys
0x88791000 \SystemRoot\system32\drivers\sisraid2.sys
0x8879E000 \SystemRoot\system32\drivers\sisraid4.sys
0x887B3000 \SystemRoot\system32\drivers\symc8xx.sys
0x887BF000 \SystemRoot\system32\drivers\sym_hi.sys
0x887CA000 \SystemRoot\system32\drivers\sym_u3.sys
0x884D0000 \SystemRoot\system32\drivers\uliahci.sys
0x887D5000 \SystemRoot\system32\drivers\ulsata.sys
0x8850C000 \SystemRoot\system32\drivers\ulsata2.sys
0x88538000 \SystemRoot\system32\drivers\vsmraid.sys
0x88559000 \SystemRoot\system32\drivers\fltmgr.sys
0x8858B000 \SystemRoot\system32\drivers\fileinfo.sys
0x88803000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88874000 \SystemRoot\system32\drivers\ndis.sys
0x8897F000 \SystemRoot\system32\drivers\msrpc.sys
0x889AA000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A03000 \SystemRoot\System32\drivers\tcpip.sys
0x88AED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D12000 \SystemRoot\system32\drivers\wd.sys
0x88D1A000 \SystemRoot\system32\drivers\volsnap.sys
0x88D53000 \SystemRoot\System32\Drivers\spldr.sys
0x88D5B000 \SystemRoot\system32\drivers\sbp2port.sys
0x88D70000 \SystemRoot\System32\Drivers\mup.sys
0x88D7F000 \SystemRoot\System32\drivers\ecache.sys
0x88DA6000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x88DAF000 \SystemRoot\system32\drivers\disk.sys
0x88DC0000 \SystemRoot\system32\drivers\crcdisk.sys
0x88DEB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88B08000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88DF6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CA0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D37F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x88B17000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D381000 \SystemRoot\System32\drivers\watchdog.sys
0x8D38D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D398000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D3D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D60A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D805000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8DB8E000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8DBAF000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8DBC7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DBDA000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8DBDF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D697000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8DBEA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D6C3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DBF5000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x8D6DB000 \SystemRoot\system32\DRIVERS\enecir.sys
0x8D6F3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8D6FC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D72B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D736000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D74D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D758000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D77B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D78A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D79E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D7B3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D800000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D7C3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D7ED000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8D600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D3E5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x88BB6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x88BEB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F80D000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x8F874000 \SystemRoot\system32\DRIVERS\portcls.sys
0x8F8A1000 \SystemRoot\system32\DRIVERS\drmk.sys
0x8F8C6000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8F9EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F9EE000 \SystemRoot\system32\drivers\modem.sys
0x8D3F2000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8F800000 \SystemRoot\system32\DRIVERS\hidir.sys
0x889E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8CA00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x889F5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x887F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8859B000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x885D5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CA07000 \SystemRoot\System32\Drivers\Null.SYS
0x885DE000 \SystemRoot\System32\Drivers\Beep.SYS
0x885E5000 \SystemRoot\System32\drivers\vga.sys
0x881D7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x885F1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x881F8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x807F3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x805E9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x80600000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FE0D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FE23000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8FE2D000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x8FE37000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FE4B000 \SystemRoot\system32\drivers\afd.sys
0x8FE93000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8FE98000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FECA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FEE0000 \SystemRoot\system32\DRIVERS\inspect.sys
0x8FEF5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FF03000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FF16000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FF52000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FF5C000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FF73000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8FF9A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FFB1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8FFD2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FFDF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8FFEA000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97A50000 \SystemRoot\System32\win32k.sys
0x8FFF4000 \SystemRoot\System32\drivers\Dxapi.sys
0x88DC9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97C70000 \SystemRoot\System32\TSDDD.dll
0x97C90000 \SystemRoot\System32\cdd.dll
0x9C409000 \SystemRoot\system32\drivers\luafv.sys
0x9C424000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x9C45B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x9C45E000 \SystemRoot\system32\drivers\spsys.sys
0x9C50E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C51E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C548000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C552000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C565000 \SystemRoot\system32\drivers\HTTP.sys
0x9C5D2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9EC09000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9EC22000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9EC37000 \SystemRoot\system32\drivers\mrxdav.sys
0x9EC58000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EC77000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9ECB0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9ECC8000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9ECEF000 \SystemRoot\System32\DRIVERS\srv.sys
0x9FE0E000 \SystemRoot\system32\drivers\peauth.sys
0x9FEEC000 \??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
0x9FF14000 \??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
0x9FF3C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9FF46000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9FF54000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9FF6A000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x9FF6C000 \??\C:\Users\Declan\AppData\Local\Temp\catchme.sys
0x9FF74000 \??\C:\Users\Declan\AppData\Local\Temp\mbr.sys
0x777B0000 \WINDOWS\System32\ntdll.dll

Processes (total 69):
0 System Idle Process
4 System
476 C:\WINDOWS\System32\smss.exe
544 csrss.exe
596 C:\WINDOWS\System32\wininit.exe
604 csrss.exe
640 C:\WINDOWS\System32\services.exe
652 C:\WINDOWS\System32\lsass.exe
660 C:\WINDOWS\System32\lsm.exe
808 C:\WINDOWS\System32\svchost.exe
864 C:\WINDOWS\System32\nvvsvc.exe
892 C:\WINDOWS\System32\svchost.exe
940 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
984 C:\WINDOWS\System32\svchost.exe
1064 C:\WINDOWS\System32\svchost.exe
1092 C:\WINDOWS\System32\svchost.exe
1120 C:\WINDOWS\System32\winlogon.exe
1132 C:\WINDOWS\System32\svchost.exe
1156 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
1416 C:\WINDOWS\System32\audiodg.exe
1452 C:\WINDOWS\System32\svchost.exe
1468 C:\WINDOWS\System32\SLsvc.exe
1500 C:\WINDOWS\System32\svchost.exe
1592 C:\WINDOWS\System32\hpservice.exe
1784 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1812 C:\WINDOWS\System32\nvvsvc.exe
692 C:\WINDOWS\System32\spoolsv.exe
816 C:\WINDOWS\System32\svchost.exe
1924 C:\WINDOWS\System32\agrsmsvc.exe
1528 C:\WINDOWS\System32\svchost.exe
764 C:\WINDOWS\System32\svchost.exe
2072 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2180 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2240 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2256 C:\WINDOWS\System32\rundll32.exe
2296 C:\WINDOWS\System32\svchost.exe
2324 C:\WINDOWS\System32\svchost.exe
2352 C:\WINDOWS\System32\svchost.exe
2388 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2408 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2420 C:\WINDOWS\SMINST\BLService.exe
2448 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2468 C:\WINDOWS\System32\svchost.exe
2512 C:\WINDOWS\System32\svchost.exe
2540 C:\WINDOWS\System32\SearchIndexer.exe
2580 C:\WINDOWS\System32\taskeng.exe
3800 C:\WINDOWS\System32\taskeng.exe
3832 C:\WINDOWS\System32\dwm.exe
2796 C:\Program Files\Apoint2K\Apoint.exe
2840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2228 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2712 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3128 C:\WINDOWS\ehome\ehtray.exe
2940 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3392 C:\WINDOWS\ehome\ehmsas.exe
2812 C:\Program Files\Apoint2K\ApMsgFwd.exe
1392 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2924 WmiPrvSE.exe
3792 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3236 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3008 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
3004 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
3304 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2784 C:\WINDOWS\System32\conime.exe
2992 C:\WINDOWS\explorer.exe
2036 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
272 C:\WINDOWS\System32\SearchProtocolHost.exe
1440 C:\WINDOWS\System32\SearchFilterHost.exe
4840 C:\Users\Declan\Desktop\hay virus\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`d9f00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542525K9A300, Rev: BBFOC3MP

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!
2010/09/15 00:23:00.0720 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/15 00:23:00.0720 ================================================================================
2010/09/15 00:23:00.0720 SystemInfo:
2010/09/15 00:23:00.0720
2010/09/15 00:23:00.0720 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/15 00:23:00.0720 Product type: Workstation
2010/09/15 00:23:00.0720 ComputerName: DECLAN-PC
2010/09/15 00:23:00.0720 UserName: Declan
2010/09/15 00:23:00.0720 Windows directory: C:\Windows
2010/09/15 00:23:00.0720 System windows directory: C:\Windows
2010/09/15 00:23:00.0720 Processor architecture: Intel x86
2010/09/15 00:23:00.0720 Number of processors: 2
2010/09/15 00:23:00.0720 Page size: 0x1000
2010/09/15 00:23:00.0720 Boot type: Normal boot
2010/09/15 00:23:00.0720 ================================================================================
2010/09/15 00:23:01.0203 Initialize success
2010/09/15 00:23:05.0634 ================================================================================
2010/09/15 00:23:05.0634 Scan started
2010/09/15 00:23:05.0634 Mode: Manual;
2010/09/15 00:23:05.0634 ================================================================================
2010/09/15 00:23:06.0788 Accelerometer (e2346d37ce60f2d928857ee33d04cbdf) C:\Windows\system32\DRIVERS\Accelerometer.sys
2010/09/15 00:23:06.0882 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/15 00:23:06.0991 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/09/15 00:23:07.0038 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/09/15 00:23:07.0069 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/09/15 00:23:07.0131 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/09/15 00:23:07.0225 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/15 00:23:07.0365 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/09/15 00:23:07.0506 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/09/15 00:23:07.0553 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/15 00:23:07.0584 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/09/15 00:23:07.0615 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/09/15 00:23:07.0709 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/09/15 00:23:07.0771 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/09/15 00:23:07.0787 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/15 00:23:07.0896 ApfiltrService (b90e6ec1c41e3c6cc4f69baa9d74515c) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/09/15 00:23:07.0958 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/09/15 00:23:08.0067 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/09/15 00:23:08.0130 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2010/09/15 00:23:08.0192 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2010/09/15 00:23:08.0255 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2010/09/15 00:23:08.0379 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2010/09/15 00:23:08.0504 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2010/09/15 00:23:08.0598 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/15 00:23:27.0053 ================================================================================
2010/09/15 00:23:27.0053 Scan finished
2010/09/15 00:23:27.0053 ================================================================================
2010/09/15 00:24:01.0965 Deinitialize success

#4 RKinner (Malware Expert, 12,818 posts, MVP)

Sorry for the delay. We were up in the mountains the last 4 days and didn't have internet access.

The PUP (Potentially Unwanted Program) that Avast removed was a false positive. Can't say about your printer software, but it may also have been another false positive, though it is possible for any site to be compromised. GeeksToGo got compromised last month and they had to close it twice until they finally got it fixed. Best just to quarantine files; then, if you have a question about them, you can submit them to http://virustotal.com and get a second opinion from 40 or so other anti-virus companies. (Also a good idea to check out any file you download with virustotal before you run it.)

MBRCheck did not like your MBR. This is normal if you have an HP/Compaq. HP uses a nonstandard MBR so that you have the option of reverting the PC back to the way it came from the factory but it causes us a lot of problems since we can't be sure.

Combofix is showing that your Avast is not correctly installed.

S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]

These are Avast drivers that did not get installed. Uninstall Avast and then reinstall it. Make sure when you reinstall it that you right click on the install file and select Run As Administrator.

Once you've done that, rerun george (combofix) and post the log.

I'm not seeing any infections now. Let's try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

If you're feeling paranoid you can run the ESET scan but it takes hours.

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Ron

#5 declanomad (Member, 16 posts)

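An added example, not part of Ron's post or of ComboFix itself: a small Python parser for the two ComboFix line formats quoted in this thread, the `S1 name;display; [x]` service line, where `[x]` marks a registered driver whose binary could not be found, and the `Files Created` line. It flags the two `[x]` entries quoted above and checks them against the aswSP.sys and aswFsBlk.sys files listed in Declan's second ComboFix log; the healthy `R1` line and the function names are constructed for the example.

```python
"""Parser for the two ComboFix line formats quoted in this thread.

Added example, not ComboFix's own code.  The four PAGE_* lines are quoted
from the thread; HEALTHY_LINE_EXAMPLE is CONSTRUCTED sample data.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows service start types.  ComboFix prints R (running) or S (stopped)
# followed by this digit, so "S1" is a stopped driver with System start.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Service line:  R1 name;display;c:\path\file.sys [date size]
# or, when ComboFix cannot find the binary:  S1 name;display; [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<tail>[^\]]*)\]\s*$"
)

# "Files Created" line:  created . modified size attrs path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Quoted from Ron's post and from Declan's second ComboFix log.
PAGE_SERVICE_LINES = [
    "S1 aswSP;aswSP; [x]",
    "S2 aswFsBlk;aswFsBlk; [x]",
]
PAGE_CREATED_LINES = [
    r"2010-09-18 18:58 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys",
    r"2010-09-18 18:58 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys",
]
# CONSTRUCTED: how the same driver would read once correctly installed.
HEALTHY_LINE_EXAMPLE = r"R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-7 165584]"


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    path: Optional[str]  # None when the log shows "[x]" (binary not found)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an R<n>/S<n> line, or None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    missing = m.group("tail").strip() == "x" or not path
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        running=m.group("state") == "R",
        start_type=START_TYPES[int(m.group("start"))],
        path=None if missing else path,
    )


def broken_drivers(lines: List[str]) -> List[ServiceEntry]:
    """Registered services whose binary ComboFix could not find: the registry
    key is there but the driver file behind it is not, which is what Ron reads
    as 'not correctly installed'."""
    entries = (parse_service_line(l) for l in lines)
    return [e for e in entries if e is not None and e.path is None]


def created_files(lines: List[str]) -> Dict[str, str]:
    """Map lower-case file name -> full path for each non-directory entry."""
    out: Dict[str, str] = {}
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m and not m.group("size").startswith("-"):  # "--------" = directory
            path = m.group("path").strip()
            out[path.rsplit("\\", 1)[-1].lower()] = path
    return out


def reconcile(service_lines: List[str], created_lines: List[str]) -> Dict[str, Optional[str]]:
    """For each broken driver, the path of a freshly created <name>.sys, or
    None if the reinstall still did not drop the file."""
    created = created_files(created_lines)
    return {e.name: created.get(e.name.lower() + ".sys")
            for e in broken_drivers(service_lines)}


if __name__ == "__main__":
    for e in broken_drivers(PAGE_SERVICE_LINES):
        print(f"{e.name}: stopped, start type {e.start_type}, binary missing")
    for name, path in reconcile(PAGE_SERVICE_LINES, PAGE_CREATED_LINES).items():
        print(f"{name}: {'present at ' + path if path else 'still missing'}")
```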
You did a healthy thing not working in the mountains. I back you up totally on that one.

Thanks for the Virustotal link. I have spent quite a lot of time this year cleaning my computer of infections: 2 formats, and two repairs with yourselves. Antivirus is becoming a big industry. There is a popular urban myth here that the viruses come from Microsoft. I doubt it myself, but it's a commonly held view among the people I know. Many people also say, 'If I can, I'll get a Mac'. I like the fact that the Geeks to Go techs, by working for free for the community, have developed very marketable skills. Who says altruism is for losers?!

I have followed your instructions for the second stage of the repair.
I have uninstalled and reinstalled Avast (ran as administrator).
Sounds like they haven't finished writing MBRCheck; HP is quite a common brand.
Eset ran while I was asleep, and found 9 infected files (if they are false positives, I could be paranoid!!)

Thanks again, Declan

HERE ARE THE COMBOFIX, BITDEFENDER AND ESET LOGS

ComboFix 10-09-17.04 - Declan 18/09/2010 22:03:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.1033.18.2045.1281 [GMT 2:00]
Running from: c:\users\Declan\Desktop\george.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-18 20:16 . 2010-09-18 20:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-18 20:16 . 2010-09-18 20:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-09-18 20:16 . 2010-09-18 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-18 18:58 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-18 18:58 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-18 18:58 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-18 18:58 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-18 18:57 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-18 18:57 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-18 18:57 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-15 10:42 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 10:42 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 10:42 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 10:42 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 21:45 . 2010-09-14 22:05 -------- d-----w- C:\george
2010-09-12 13:06 . 2010-09-12 13:06 -------- d-----w- C:\_OTL
2010-09-12 12:41 . 2010-09-12 12:41 -------- d-----w- c:\users\Declan\AppData\Roaming\Template
2010-09-09 13:08 . 2010-09-09 13:08 -------- d-----w- c:\users\Declan\AppData\Local\Hewlett-Packard
2010-09-09 00:14 . 2010-09-09 00:14 -------- d-----w- c:\users\Declan\AppData\Roaming\Malwarebytes
2010-09-09 00:14 . 2010-09-09 00:14 -------- d-----w- c:\programdata\Malwarebytes
2010-09-07 21:58 . 2010-09-07 23:43 -------- d-----w- c:\users\Guest\AppData\Roaming\vlc
2010-09-07 21:55 . 2010-09-07 21:55 110240 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 08:11 . 2010-08-29 09:05 -------- d-----w- c:\program files\HP DVB-T TV Tuner
2010-08-28 14:53 . 2010-08-29 08:24 -------- d-----w- c:\users\Declan\Desktop Toolbar
2010-08-28 02:44 . 2010-08-28 02:44 -------- d-----w- c:\program files\ERUNT
2010-08-28 01:35 . 2010-08-28 01:36 23684 ----a-w- c:\windows\hpqins15.dat
2010-08-27 12:12 . 2010-08-29 08:56 -------- d-----w- c:\users\Declan\AppData\Roaming\HP
2010-08-27 12:04 . 2010-08-27 12:04 -------- d-----w- c:\programdata\WEBREG
2010-08-27 11:58 . 2010-08-27 11:58 -------- d-----w- c:\programdata\HP Product Assistant
2010-08-27 11:57 . 2010-08-27 11:57 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-27 11:57 . 2010-08-27 11:57 -------- d-----w- c:\program files\Common Files\HP
2010-08-27 11:56 . 2007-10-20 16:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2010-08-27 11:54 . 2007-10-20 16:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
2010-08-27 11:52 . 2010-08-27 12:09 157380 ----a-w- c:\windows\hpoins27.dat
2010-08-27 11:52 . 2007-12-13 17:31 932 ------w- c:\windows\hpomdl27.dat
2010-08-27 11:44 . 2010-08-29 08:56 -------- d-----w- c:\programdata\HP
2010-08-27 11:44 . 2007-11-09 06:52 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-08-27 11:44 . 2007-10-31 00:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-08-27 11:44 . 2007-10-31 00:25 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-08-27 11:44 . 2007-10-31 00:11 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2010-08-27 11:44 . 2007-10-31 00:11 303104 ----a-w- c:\windows\system32\hpovst15.dll
2010-08-27 11:44 . 2007-10-31 00:11 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2010-08-27 11:12 . 2010-08-27 11:12 -------- d-----w- c:\programdata\Alwil Software
2010-08-27 11:12 . 2010-08-27 11:12 -------- d-----w- c:\program files\Alwil Software
2010-08-27 10:54 . 2010-08-27 10:55 -------- d-----w- c:\programdata\COMODO
2010-08-27 10:49 . 2010-08-27 10:49 -------- d-----w- c:\program files\COMODO
2010-08-27 10:46 . 2010-08-27 10:47 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-21 19:19 . 2010-08-21 19:23 -------- d-----w- c:\users\Declan\dwhelper
2010-08-21 18:37 . 2010-08-21 18:39 -------- d-----w- c:\users\Declan\AppData\Roaming\Apple Computer
2010-08-21 18:37 . 2010-08-21 18:37 -------- d-----w- c:\users\Declan\AppData\Local\Apple Computer
2010-08-21 18:36 . 2010-08-21 18:51 -------- dc----w- c:\windows\system32\DRVSTORE
2010-08-21 18:35 . 2010-08-21 18:36 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-21 18:33 . 2010-09-07 23:47 -------- d-----w- c:\programdata\Apple Computer
2010-08-21 18:32 . 2010-08-21 18:32 -------- d-----w- c:\users\Declan\AppData\Local\Apple
2010-08-21 16:45 . 2010-08-21 19:25 -------- d-----w- c:\users\Declan\AppData\Roaming\Steinberg
2010-08-21 14:35 . 2010-08-21 14:35 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-21 14:35 . 2010-08-28 01:25 -------- d-----w- c:\program files\McAfee
2010-08-21 14:35 . 2010-08-21 14:35 -------- d-----w- c:\programdata\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:55 . 2010-07-06 08:17 303700 ----a-w- c:\programdata\nvModes.dat
2010-09-18 19:40 . 2008-06-25 18:27 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-15 15:51 . 2010-07-06 09:07 -------- d-----w- c:\program files\REAPER
2010-09-15 13:05 . 2010-07-08 23:53 -------- d-----w- c:\users\Declan\AppData\Roaming\dvdcss
2010-09-12 12:42 . 2010-09-12 12:41 108 ----a-w- c:\users\Declan\AppData\Roaming\wklnhst.dat
2010-09-12 00:09 . 2010-07-22 20:16 -------- d-----w- c:\users\Declan\AppData\Roaming\Spotify
2010-09-09 13:08 . 2010-08-18 22:32 -------- d-----w- c:\program files\JDownloader
2010-09-07 21:39 . 2010-07-06 09:36 -------- d-----w- c:\users\Declan\AppData\Roaming\gtk-2.0
2010-09-04 00:12 . 2010-07-19 13:04 -------- d-----w- c:\users\Declan\AppData\Roaming\Skype
2010-09-03 22:05 . 2010-07-19 13:05 -------- d-----w- c:\users\Declan\AppData\Roaming\skypePM
2010-08-29 13:35 . 2010-08-03 08:10 -------- d-----w- c:\users\Declan\AppData\Roaming\vlc
2010-08-29 09:06 . 2010-07-06 08:23 -------- d-----w- c:\programdata\CyberLink
2010-08-29 08:20 . 2010-07-16 16:03 -------- d-----w- c:\users\Declan\AppData\Roaming\CyberLink
2010-08-27 11:56 . 2008-06-25 19:04 -------- d-----w- c:\programdata\Hewlett-Packard
2010-08-27 11:53 . 2008-06-25 18:55 -------- d-----w- c:\program files\HP
2010-08-27 10:39 . 2008-06-25 18:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-27 10:35 . 2008-06-25 18:40 -------- d-----w- c:\programdata\Symantec
2010-08-21 16:35 . 2010-08-18 19:27 -------- d-----w- c:\program files\Steinberg
2010-08-21 09:51 . 2010-07-19 13:03 -------- d-----r- c:\program files\Skype
2010-08-21 09:50 . 2010-08-16 15:29 -------- d-----w- c:\program files\Winamp
2010-08-18 22:59 . 2010-08-18 22:59 -------- d-----w- c:\programdata\NCH Swift Sound
2010-08-18 22:58 . 2010-08-18 22:58 -------- d-----w- c:\users\Declan\AppData\Roaming\NCH Swift Sound
2010-08-18 22:58 . 2010-08-18 22:58 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-18 19:34 . 2010-07-06 00:02 110240 ----a-w- c:\users\Declan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-17 07:27 . 2010-08-17 07:27 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-08-16 15:33 . 2010-08-16 15:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-16 15:32 . 2010-08-16 15:31 31553008 ----a-w- c:\users\Declan\AppData\Roaming\OpenCandy\OpenCandy_B60F9A577C454861BD6CF07487638A75\p2v1SnagitEN.exe
2010-08-16 15:31 . 2010-08-16 15:31 331304 ----a-w- c:\users\Declan\AppData\Roaming\OpenCandy\OpenCandy_B60F9A577C454861BD6CF07487638A75\DLMgr_3_1.6.44.exe
2010-08-16 15:31 . 2010-08-16 15:31 -------- d-----w- c:\users\Declan\AppData\Roaming\OpenCandy
2010-08-16 15:29 . 2010-08-16 15:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-07 21:46 . 2010-08-07 21:46 -------- d-----w- c:\program files\Roland
2010-08-07 21:46 . 2008-06-25 18:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 21:45 . 2010-08-07 21:45 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
2010-07-26 18:47 . 2010-07-26 18:47 1201400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-22 20:16 . 2010-07-22 20:16 655360 ----a-w- c:\users\Declan\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-07-22 20:16 . 2010-07-22 20:16 282624 ----a-w- c:\users\Declan\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-07-22 20:16 . 2010-07-22 20:16 208896 ----a-w- c:\users\Declan\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-07-22 20:16 . 2010-07-22 20:16 -------- d-----w- c:\program files\Spotify
2010-07-21 12:02 . 2010-07-21 12:01 -------- d-----w- c:\program files\ContentaConverter-PREMIUM
2010-07-21 07:25 . 2010-07-19 09:36 -------- d-----w- c:\users\Declan\AppData\Roaming\REAPER
2010-07-18 22:37 . 2010-07-18 22:37 31494960 ----a-w- c:\users\Declan\AppData\Roaming\OpenCandy\OpenCandy_B60F9A577C454861BD6CF07487638A75\snagit.exe
2010-07-15 14:47 . 2010-07-15 14:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-08 18:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-06 08:13 . 2010-07-06 08:13 125 ----a-w- c:\windows\xUninstall.bat
2010-07-06 00:27 . 2008-06-25 19:53 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-07-06 00:10 . 2010-07-06 00:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05 . 2010-08-11 22:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 22:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 22:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 22:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 22:15 2037760 ----a-w- c:\windows\system32\win32k.sys
2008-06-30 11:44 . 2010-07-06 07:50 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-01-23 00:31 . 2010-07-06 08:55 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2008-06-25 17:18 . 2008-06-25 17:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
R3 MODBDA2;DiBcom MOD3000 TV Receiver;c:\windows\system32\Drivers\yuanmodbda2.sys [2007-04-03 32256]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2001-04-13 188276]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-17 97936]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {5D330FF0-27A9-4C88-8404-27F21641CBAF} = 156.154.70.22,156.154.71.22
TCP: {C31E535F-420E-4FEC-A116-D1E62657A1A1} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 22:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(216)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2010-09-18 22:24:29
ComboFix-quarantined-files.txt 2010-09-18 20:24

Pre-Run: 110.082.273.280 bytes free
Post-Run: 110.058.991.616 bytes free

- - End Of File - - 99F391C5F572C27D8A793627927E5EB7

QuickScan Beta 32-bit v0.9.9.38
-------------------------------
Fecha de Análisis: Sat Sep 18 22:39:49 2010
ID de la Máquina: CA871702



No se han encontrado infecciones.
---------------------------------



Procesos
--------
hpwuSchd Application 4052 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Alps Pointing-device Driver 3908 C:\Program Files\Apoint2K\Apoint.exe
avast! Antivirus 4068 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
COMODO Internet Security 1320 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
Firefox 3564 C:\Program Files\Mozilla Firefox\firefox.exe
GPCore COM object 3512 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
hp digital imaging - hp all-in-one seri 1036 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
hp digital imaging - hp all-in-one seri 772 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
hp digital imaging - hp all-in-one seri 2636 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Quick Launch Buttons 3924 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
Microsoft® Windows® Operating System 3288 C:\WINDOWS\ehome\ehmsas.exe
Microsoft® Windows® Operating System 4084 C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System 216 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 3660 C:\WINDOWS\System32\dwm.exe
Microsoft® Windows® Operating System 3580 C:\WINDOWS\System32\taskeng.exe


Actividad de red
----------------
Proceso firefox.exe (3564) conectado en el puerto 443 (HTTP over SSL) --> 173.194.37.104
Proceso firefox.exe (3564) conectado en el puerto 443 (HTTP over SSL) --> 173.194.37.83
Proceso firefox.exe (3564) conectado en el puerto 443 (HTTP over SSL) --> 173.194.37.83
Proceso firefox.exe (3564) conectado en el puerto 443 (HTTP over SSL) --> 173.194.37.83
Proceso firefox.exe (3564) conectado en el puerto 443 (HTTP over SSL) --> 173.194.37.83
Proceso firefox.exe (3564) conectado en el puerto 443 (HTTP over SSL) --> 209.85.229.97



Autoruns y archivos críticos
----------------------------
hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe
avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
COMODO Internet Security C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
COMODO Internet Security c:\windows\system32\guard32.dll
hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe
Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System C:\WINDOWS\System32\browseui.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
Windows® Internet Explorer C:\WINDOWS\System32\webcheck.dll


Plugins del Navegador
---------------------
BitDefender QuickScan C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\a6rpqaoz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Foxit Reader Plugin for Mozilla C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
Java™ Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
McAfee SiteAdvisor c:\program files\mcafee\siteadvisor\mcieplg.dll
Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\NapiNSP.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\nlaapi.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\wshbth.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
VLC Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\System32\ieframe.dll


Archivos perdidos
-----------------
Archivo no encontrado: C:\Users\Declan\AppData\Local\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

Archivo no encontrado: C:\Users\Declan\AppData\Local\Temp\mbr.sys
--> HKLM\System\ControlSet001\services\mbr\"ImagePath"

Archivo no encontrado: C:\Windows\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

Archivo no encontrado: System32\Drivers\usbaapl.sys
--> HKLM\System\ControlSet001\services\USBAAPL\"ImagePath"

Archivo no encontrado: system32\DRIVERS\UIUSYS.SYS
--> HKLM\System\ControlSet001\services\UIUSys\"ImagePath"

Archivo no encontrado: system32\DRIVERS\ipinip.sys
--> HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

Archivo no encontrado: system32\DRIVERS\nwlnkflt.sys
--> HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

Archivo no encontrado: system32\DRIVERS\nwlnkfwd.sys
--> HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"


Analizar
--------


Archivo no enviado

Scan finished - communication took 1 sec
Total traffic - 0.03 MB enviado, 0.71 KB recibido
Scanned 855 files and modules - 30 seconds

==============================================================================

C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Users\Declan\Desktop\RECENT ITEMS\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Nero 8.2.8.0 (español) Trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Users\Declan\Programs\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Nero 8.2.8.0 (español) Trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 12,818 posts
  • MVP
This bunch:
C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

is most likely a false positive. Viruses do not normally come in different languages. Some sort of crapware provided by HP. Don't think you will miss it.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application cleaned by deleting - quarantined

is just a link to ebay but there is no need for you to go to ebay on startup.

C:\Users\Declan\Desktop\RECENT ITEMS\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Nero 8.2.8.0 (español) Trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Users\Declan\Programs\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Nero 8.2.8.0 (español) Trial.exe Win32/Toolbar.AskSBar application deleted - quarantined

Looks like some sort of Nero crack you downloaded that wants to foist the Ask toolbar on you. Not really a virus but not desirable.

MBRCheck is a work in progress. It was created to fight the "black internet" mbr infection and is evolving into a general purpose tool. I think the problem with HP's mbr is that there is not just one but many versions.

I'm not seeing any infections now but Avast is still not happy. Perhaps you should try Avira instead.
http://www.free-av.com/


We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...&st=0&sk=t&sd=a
but it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator:
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

Let's see if there are any problems in the event logs.

Right click on My Computer and select Manage, Continue, then select Event Viewer. Click on the arrow in front of Event Viewer then select Windows Logs. Right click on System and Clear Log, Clear, OK. Repeat for Application.

Reboot and wait a few minutes for things to settle down.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
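The restore-point and event-log steps of Ron's procedure can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the thread and not the VEW tool Ron links to; it assumes Windows Vista/7 with PowerShell 2.0 or later, run as Administrator, and the restore-point description ("Clean"), the function names and the output file name are arbitrary choices. The cleanmgr "System Restore and Shadow Copies" step is left to the GUI as described above.

```powershell
# Added example (not from the thread, not the VEW tool): Ron's restore-point
# and event-log steps from an elevated PowerShell prompt.
# Assumed: Vista/7, PowerShell 2.0+, running as Administrator.

# Step 1 (before anything else): create a restore point named "Clean".
function New-CleanRestorePoint {
    Checkpoint-Computer -Description 'Clean' -RestorePointType 'MODIFY_SETTINGS'
}

# Step 2: clear the System and Application logs so that only events from
# the next boot are left to look at.
function Clear-BootLogs {
    foreach ($log in 'System', 'Application') {
        wevtutil.exe cl $log
    }
}

# Step 3 (after the reboot): the last 20 Error (level 2) and Warning
# (level 3) events from each log, newest first, one event per line, which
# matches the VEW settings in the post (System/Application, Error + Warning,
# number of events = 20).
function Get-RecentProblems {
    param([int]$Count = 20)

    foreach ($log in 'System', 'Application') {
        "==== $log ===="
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3 } `
                     -MaxEvents $Count -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Fold multi-line messages onto one line so each event stays greppable.
                '{0} {1:dd/MM/yyyy HH:mm:ss} {2} {3} {4}' -f $_.LevelDisplayName,
                    $_.TimeCreated, $_.ProviderName, $_.Id,
                    ($_.Message -replace "`r?`n", ' ')
            }
    }
}

# Usage: run steps 1 and 2, reboot, then write step 3 to a text file on the
# Desktop that can be pasted into the reply (file name is an arbitrary choice).
# New-CleanRestorePoint
# Clear-BootLogs
# Get-RecentProblems | Out-File (Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventLogErrors.txt') -Encoding UTF8
```

`-ErrorAction SilentlyContinue` on `Get-WinEvent` matters: when a log contains no Error or Warning events after a clean boot, the cmdlet reports "No events were found" as an error, and without it the empty result would look like a failure rather than the good news it is.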

#7
declanomad

    Member

  • Member
  • 16 posts
Hi Ron.

I've changed from Avast to Avira. I had some difficulty installing Avira until I turned off Comodo firewall during the installation. (Comodo was flagging up service.exe on each module and it didn't install properly, and couldn't update)

I have worked through your instructions. I couldn't get VEW to run. (Because of a 'not coded for my language' message (Spanish). I changed the language and got a Run time error 75 Path file access error.)
I am posting the logs from windows event viewer instead.

Cheers, Declan.



Level Date and Time Source Event ID Task Category
Information 20/09/2010 23:44:30 Service Control Manager 7036 None The Windows Media Center Service Launcher service entered the stopped state.
Information 20/09/2010 23:44:29 Service Control Manager 7036 None The Windows Update service entered the running state.
Information 20/09/2010 23:44:28 Microsoft-Windows-TBS 537 None A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer. TBS could not be started.
Information 20/09/2010 23:44:28 Service Control Manager 7036 None The Security Center service entered the running state.
Information 20/09/2010 23:44:28 Service Control Manager 7036 None The TPM Base Services service entered the stopped state.
Information 20/09/2010 23:44:28 Service Control Manager 7036 None The KtmRm for Distributed Transaction Coordinator service entered the running state.
Information 20/09/2010 23:44:28 Service Control Manager 7036 None The HP Health Check Service service entered the running state.
Information 20/09/2010 23:44:27 Service Control Manager 7036 None The Windows Media Center Service Launcher service entered the running state.
Information 20/09/2010 23:44:27 Service Control Manager 7036 None The Microsoft .NET Framework NGEN v4.0.30319_X86 service entered the stopped state.
Information 20/09/2010 23:44:27 Service Control Manager 7036 None The Microsoft .NET Framework NGEN v4.0.30319_X86 service entered the running state.
Information 20/09/2010 23:44:27 Service Control Manager 7036 None The Background Intelligent Transfer Service service entered the running state.
Information 20/09/2010 23:42:28 Service Control Manager 7036 None The Com4QLBEx service entered the running state.
Information 20/09/2010 23:42:28 Microsoft-Windows-DistributedCOM 10029 None "DCOM started the service Com4QLBEx with arguments """" in order to run the server:
{DB536E5D-10F7-4B34-B443-140161048E2E}"
Information 20/09/2010 23:42:28 Service Control Manager 7036 None The QuickPlay Task Scheduler (QTS) service entered the running state.
Information 20/09/2010 23:42:27 Service Control Manager 7036 None The SSDP Discovery service entered the running state.
Information 20/09/2010 23:42:27 Service Control Manager 7036 None The hpqwmiex service entered the running state.
Information 20/09/2010 23:42:27 Microsoft-Windows-DistributedCOM 10029 None "DCOM started the service hpqwmiex with arguments """" in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}"
Information 20/09/2010 23:42:27 Service Control Manager 7036 None The Function Discovery Provider Host service entered the running state.
Information 20/09/2010 23:42:27 Service Control Manager 7036 None The HP CUE DeviceDiscovery Service service entered the running state.
Information 20/09/2010 23:42:27 Service Control Manager 7036 None The hpqcxs08 service entered the running state.
Information 20/09/2010 23:42:27 Service Control Manager 7036 None The Application Information service entered the running state.
Information 20/09/2010 23:42:27 Service Control Manager 7036 None The Diagnostic System Host service entered the running state.
Error 20/09/2010 23:42:27 Service Control Manager 7022 None The QuickPlay Task Scheduler (QTS) service hung on starting.
Information 20/09/2010 23:42:27 Microsoft-Windows-DistributedCOM 10029 None "DCOM started the service fdPHost with arguments """" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}"
Information 20/09/2010 23:42:27 Microsoft-Windows-DistributedCOM 10029 None "DCOM started the service hpqcxs08 with arguments """" in order to run the server:
{1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}"
Error 20/09/2010 23:42:27 Service Control Manager 7022 None The HP CUE DeviceDiscovery Service service hung on starting.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Search service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Avira AntiVir Guard service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The QuickPlay Background Capture Service (QBCS) service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Internet Connection Sharing (ICS) service entered the stopped state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Remote Access Connection Manager service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Network List Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Search service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The IP Helper service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Image Acquisition (WIA) service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Portable Device Enumerator Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Error Reporting Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Management Instrumentation service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Time service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Terminal Services service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Cyberlink RichVideo Service(CRVS) service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Telephony service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Distributed Link Tracking Client service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Superfetch service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Secure Socket Tunneling Protocol Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Secondary Logon service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Recovery Service for Windows service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Network Location Awareness service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The IPsec Policy Agent service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Function Discovery Resource Publication service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Net Driver HPZ12 service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Pml Driver HPZ12 service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Network Connections service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Program Compatibility Assistant Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Nero BackItUp Scheduler 3 service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The McAfee SiteAdvisor Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Bluetooth Support Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Machine Debug Manager service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The IKE and AuthIP IPsec Keying Modules service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The LightScribeService Direct Disc Labeling Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Human Interface Device Access service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Easybits Shared Services for Windows service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The ReadyBoost service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Diagnostic Policy Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Application Experience service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Agere Modem Call Progress Audio service entered the running state.
Error 20/09/2010 23:41:23 Service Control Manager 7000 None "The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Computer Browser service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Server service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Avira AntiVir Programador service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The WebClient service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Workstation service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Firewall service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Base Filtering Engine service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Print Spooler service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Task Scheduler service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Shell Hardware Detection service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The WLAN AutoConfig service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The DHCP Client service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The DNS Client service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Extensible Authentication Protocol service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Network Store Interface Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The CNG Key Isolation service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The TCP/IP NetBIOS Helper service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Driver Foundation - User-mode Driver Framework service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Tablet PC Input Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Security Accounts Manager service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Desktop Window Manager Session Manager service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The HP Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The System Event Notification Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The COM+ Event System service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Software Licensing service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Group Policy Client service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Themes service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The User Profile Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Audio service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Audio Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Audio Endpoint Builder service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Multimedia Class Scheduler service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Event Log service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Defender service entered the stopped state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Windows Defender service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Cryptographic Services service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The COMODO Internet Security Helper Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Remote Procedure Call (RPC) service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The DCOM Server Process Launcher service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The NVIDIA Display Driver Service service entered the running state.
Information 20/09/2010 23:41:23 Service Control Manager 7036 None The Plug and Play service entered the running state.
Information 20/09/2010 23:41:01 Microsoft-Windows-Dhcp-Client 1103 None Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Information 20/09/2010 23:40:58 Tcpip 4201 None The system detected that network adapter Wireless Network Connection was connected to the network, and has initiated normal operation.
Information 20/09/2010 23:40:58 Tcpip 4201 None The system detected that network adapter Wireless Network Connection was connected to the network, and has initiated normal operation.
Information 20/09/2010 23:40:55 Microsoft-Windows-ResourcePublication 104 None The service is publishing to the network.
Information 20/09/2010 23:40:52 Microsoft-Windows-WLAN-AutoConfig 4000 None "WLAN AutoConfig service has successfully started.
"
Information 20/09/2010 23:40:47 Microsoft-Windows-FilterManager 6 None File System Filter 'avgntflt' (6.1, 19/11/2009 13:44:09) has successfully loaded and registered with Filter Manager.
Information 20/09/2010 23:40:47 avgntflt 17 None AVGNTFLT successfully loaded
Information 20/09/2010 23:40:47 Microsoft-Windows-FilterManager 6 None File System Filter 'luafv' (6.0, 19/01/2008 07:30:35) has successfully loaded and registered with Filter Manager.
Information 20/09/2010 23:39:36 Microsoft-Windows-FilterManager 6 None File System Filter 'cmdGuard' (6.1, 04/06/2010 11:53:30) has successfully loaded and registered with Filter Manager.
Information 20/09/2010 23:39:33 NETw5v32 7036 None The \Device\NDMP3 service entered the Intel® WiFi Link 5100 AGN state.
Information 20/09/2010 23:39:32 Microsoft-Windows-Kernel-Processor-Power 4 None "Processor 1 exposes the following:

3 idle state(s)
3 performance state(s)
8 throttle state(s)"
Information 20/09/2010 23:39:32 Microsoft-Windows-Kernel-Processor-Power 4 None "Processor 0 exposes the following:

3 idle state(s)
3 performance state(s)
8 throttle state(s)"
Information 20/09/2010 23:39:27 Tcpip 4201 None The system detected that network adapter Loopback Pseudo-Interface 1 was connected to the network, and has initiated normal operation.
Information 20/09/2010 23:39:27 Tcpip 4201 None The system detected that network adapter Loopback Pseudo-Interface 1 was connected to the network, and has initiated normal operation.
Information 20/09/2010 23:39:27 Microsoft-Windows-FilterManager 6 None File System Filter 'FileInfo' (6.0, 19/01/2008 07:34:27) has successfully loaded and registered with Filter Manager.
Information 20/09/2010 23:40:47 EventLog 6013 None The system uptime is 83 seconds.
Information 20/09/2010 23:40:47 EventLog 6005 None The Event log service was started.
Warning 20/09/2010 23:38:24 Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Information 20/09/2010 23:40:47 EventLog 6009 None Microsoft ® Windows ® 6.00. 6002 Service Pack 2 Multiprocessor Free.
Information 20/09/2010 23:38:22 EventLog 6006 None The Event log service was stopped.
Information 20/09/2010 23:38:18 Microsoft-Windows-WindowsUpdateClient 27 Windows Update Agent Automatic Updates is now paused.
Information 20/09/2010 23:38:18 Service Control Manager 7036 None The Group Policy Client service entered the stopped state.
Information 20/09/2010 23:38:18 Service Control Manager 7036 None The Windows Update service entered the stopped state.
Information 20/09/2010 23:38:17 Service Control Manager 7036 None The Windows Modules Installer service entered the running state.
Information 20/09/2010 23:38:17 Microsoft-Windows-DistributedCOM 10029 None "DCOM started the service TrustedInstaller with arguments """" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}"
Information 20/09/2010 23:38:17 USER32 1074 None "The process C:\Windows\system32\winlogon.exe (DECLAN-PC) has initiated the restart of computer DECLAN-PC on behalf of user Declan-PC\Declan for the following reason: No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: restart
Comment: "
Information 20/09/2010 23:38:11 USER32 1074 None "The process Explorer.EXE has initiated the restart of computer DECLAN-PC on behalf of user Declan-PC\Declan for the following reason: Other (Unplanned)
Reason Code: 0x0
Shutdown Type: restart
Comment: "
Information 20/09/2010 23:38:03 Microsoft-Windows-Eventlog 104 Log clear The Application log file was cleared.
Information 20/09/2010 23:37:57 Microsoft-Windows-Eventlog 104 Log clear The System log file was cleared.
Level Date and Time Source Event ID Task Category
Information 20/09/2010 23:44:28 SecurityCenter 1 None The Windows Security Center Service has started.
Information 20/09/2010 23:44:27 HP Health Check Service 0 None Service started successfully.
Information 20/09/2010 23:42:28 Com4QLBEx 0 None "The description for Event ID 0 from source Com4QLBEx cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Service started
"
Information 20/09/2010 23:42:27 QPSched 0 None "The description for Event ID 0 from source QPSched cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Service started
"
Information 20/09/2010 23:42:27 hpqwmiex 0 None "The description for Event ID 0 from source hpqwmiex cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Service started
"
Information 20/09/2010 23:42:27 hpqddsvc 0 None "The description for Event ID 0 from source hpqddsvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Service started
"
Information 20/09/2010 23:42:27 hpqcxs08 0 None "The description for Event ID 0 from source hpqcxs08 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Service started
"
Error 20/09/2010 23:41:23 Microsoft-Windows-WMI 10 None "Event filter with query ""SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99"" could not be reactivated in namespace ""//./root/CIMV2"" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected."
Information 20/09/2010 23:41:13 Microsoft-Windows-CertificateServicesClient 1 None Certificate Services Client has been started successfully.
Information 20/09/2010 23:41:13 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 20/09/2010 23:41:13 Microsoft-Windows-Winlogon 4101 None Windows license validated.
Information 20/09/2010 23:41:04 Microsoft-Windows-CertificateServicesClient 1 None Certificate Services Client has been started successfully.
Information 20/09/2010 23:41:06 Microsoft-Windows-Search 1003 Search service The Windows Search Service started.
Information 20/09/2010 23:41:06 Avira AntiVir 4096 (1) El servicio AntiVir se inició correctamente!
Information 20/09/2010 23:41:04 QPCapSvc 0 None "The description for Event ID 0 from source QPCapSvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Service started
"
Information 20/09/2010 23:41:04 Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
Information 20/09/2010 23:41:00 ESENT 102 General Windows (2624) Windows: The database engine (6.00.6002.0000) started a new instance (0).
Information 20/09/2010 23:40:58 Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
Information 20/09/2010 23:40:58 RichVideo 0 None "The description for Event ID 0 from source RichVideo cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Service started
"
Information 20/09/2010 23:40:55 Nero BackItUp Scheduler 3 0 None "The description for Event ID 0 from source Nero BackItUp Scheduler 3 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Nero BackItUp Scheduler 3 is started. HRESULT: 1
"
Information 20/09/2010 23:40:54 LightScribeService 4 None The LightScribe Service started successfully.
Information 20/09/2010 23:40:52 Microsoft-Windows-Security-Licensing-SLC 902 None "The Software Licensing service has started.
"
Information 20/09/2010 23:40:52 Microsoft-Windows-Security-Licensing-SLC 1005 None "The result of Windows Right consumption is: hr=0x0
"
Information 20/09/2010 23:40:52 Microsoft-Windows-Security-Licensing-SLC 1003 None "The Software Licensing service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
{1,[11db994f-af86-4eb9-af35-fb4e3b0256f5, 8, 0xC004F014,0x0]}

{1,[3a1d44e2-bede-46fb-8a02-0cd485a1db8b, 8, 0xC004F014,0x0]}

{1,[6b16d38b-7dac-4614-9948-b4a92ddba889, 8, 0xC004F014,0x0]}

{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}

{1,[a3481201-436e-4fc9-88b4-34ccf7f81789, 8, 0xC004F014,0x0]}

{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}

{1,[a7a4a974-ad47-420e-8e1a-83d28572058a, 8, 0xC004F014,0x0]}

{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}

{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}

{1,[c3505bd0-004a-49b9-84db-a1a4869eddf1, 8, 0xC004F014,0x0]}

{1,[c5d8ec70-e2ae-42d8-aaa9-eec3772438ee, 8, 0xC004F014,0x0]}

{1,[cdb090c3-053c-4cd1-9cb2-e35b1738747a, 8, 0xC004F014,0x0]}

{1,[da0483a8-c443-45fd-9b52-2bba9b2ee8ab, 8, 0xC004F014,0x0]}

{1,[e05164a4-fb9a-471f-8c3a-6959b4cf1b72, 8, 0xC004F014,0x0]}

{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 8, 0xC004F014,0x0]}

{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}
"
Information 20/09/2010 23:40:52 Microsoft-Windows-Security-Licensing-SLC 1033 None "These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w)
App Id=55c92734-d682-4d71-983e-d6ec3f16059f
Sku Id=bffdc375-bbd5-499d-8ef1-4f37b61c895f"
Information 20/09/2010 23:40:49 HPSrv 105 None "The description for Event ID 105 from source HPSrv cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

"
Information 20/09/2010 23:40:49 Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
Information 20/09/2010 23:40:49 Microsoft-Windows-Security-Licensing-SLC 900 None "The Software Licensing service is starting.
"
Information 20/09/2010 23:40:49 Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully.

"
Information 20/09/2010 23:38:30 Microsoft-Windows-CertificateServicesClient 2 None Certificate Services Client has been stopped.
Information 20/09/2010 23:38:20 HP Health Check Service 0 None Service has been successfully shut down.
Information 20/09/2010 23:38:20 HP Health Check Service 0 None Service stopped successfully.
Information 20/09/2010 23:38:16 Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 20/09/2010 23:38:15 Desktop Window Manager 9009 None The Desktop Window Manager has exited with code (0x40010004)

#8
RKinner
    Malware Expert
I usually see the "Run time error" in Vista when you don't right-click and Run As Administrator.

Anyway, I don't see anything that looks serious. How is it running now? Did you get Avira to do a full check of the computer?

Ron

#9
declanomad
    Member
Hello there Ron. The computer seems to be running well. I scanned with Avira twice. It picked up a trojan in my Nero (which previously had never been detected), and also had to block access to the same. The second scan was all clear. VEW does work fine when run as administrator, by the way.

We must be getting there, I reckon. I don't know how the computer got infected, but it's ever so easy to do so. The viruses are pandemic, and pass through USB devices and in downloads, legit or otherwise. The antivirus may well not pick it up.

Thanks very much for your help to date.

Here are the Avira logs.



Avira AntiVir Personal
Fecha de creación del fichero de informe: martes, 21 de septiembre de 2010 08:37

Analizando cepas de virus de 2859336.

Titular de la licencia : Avira AntiVir Personal - FREE Antivirus
Número de serie : 0000149996-ADJIE-0000001
Plataforma : Windows Vista
Versión de Windows : (Service Pack 2) [6.0.6002]
Modo de arranque : Arranque normal
Nombre de usuario : SYSTEM
Nombre del equipo : DECLAN-PC

Información de versión:
BUILD.DAT : 9.0.0.17 21585 Bytes 09/06/2010 11:57:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:25:41
AVSCAN.DLL : 9.0.3.0 47361 Bytes 03/03/2009 13:56:12
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:04
LUKERES.DLL : 9.0.2.0 13057 Bytes 03/03/2009 13:56:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:57:04
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 18:57:09
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 18:57:11
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 18:57:14
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 18:57:18
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 18:57:22
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 18:57:30
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 18:57:36
VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 18:57:36
VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 18:57:36
VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 18:57:36
VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 18:57:36
VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 18:57:36
VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 18:57:37
VBASE015.VDF : 7.10.11.203 2048 Bytes 18/09/2010 18:57:37
VBASE016.VDF : 7.10.11.204 2048 Bytes 18/09/2010 18:57:37
VBASE017.VDF : 7.10.11.205 2048 Bytes 18/09/2010 18:57:37
VBASE018.VDF : 7.10.11.206 2048 Bytes 18/09/2010 18:57:37
VBASE019.VDF : 7.10.11.207 2048 Bytes 18/09/2010 18:57:38
VBASE020.VDF : 7.10.11.208 2048 Bytes 18/09/2010 18:57:38
VBASE021.VDF : 7.10.11.209 2048 Bytes 18/09/2010 18:57:38
VBASE022.VDF : 7.10.11.210 2048 Bytes 18/09/2010 18:57:38
VBASE023.VDF : 7.10.11.211 2048 Bytes 18/09/2010 18:57:38
VBASE024.VDF : 7.10.11.212 2048 Bytes 18/09/2010 18:57:38
VBASE025.VDF : 7.10.11.213 2048 Bytes 18/09/2010 18:57:38
VBASE026.VDF : 7.10.11.214 2048 Bytes 18/09/2010 18:57:38
VBASE027.VDF : 7.10.11.215 2048 Bytes 18/09/2010 18:57:38
VBASE028.VDF : 7.10.11.216 2048 Bytes 18/09/2010 18:57:38
VBASE029.VDF : 7.10.11.217 2048 Bytes 18/09/2010 18:57:38
VBASE030.VDF : 7.10.11.218 2048 Bytes 18/09/2010 18:57:38
VBASE031.VDF : 7.10.11.228 87040 Bytes 20/09/2010 18:57:39
Versión del motor : 8.2.4.58
AEVDF.DLL : 8.1.2.1 106868 Bytes 20/09/2010 18:57:45
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 20/09/2010 18:57:45
AESCN.DLL : 8.1.6.1 127347 Bytes 20/09/2010 18:57:44
AESBX.DLL : 8.1.3.1 254324 Bytes 20/09/2010 18:57:45
AERDL.DLL : 8.1.9.0 631156 Bytes 20/09/2010 18:57:44
AEPACK.DLL : 8.2.3.7 471413 Bytes 20/09/2010 18:57:43
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 20/09/2010 18:57:43
AEHEUR.DLL : 8.1.2.26 2916727 Bytes 20/09/2010 18:57:43
AEHELP.DLL : 8.1.13.3 242038 Bytes 20/09/2010 18:57:40
AEGEN.DLL : 8.1.3.22 401780 Bytes 20/09/2010 18:57:40
AEEMU.DLL : 8.1.2.0 393588 Bytes 20/09/2010 18:57:40
AECORE.DLL : 8.1.16.2 192887 Bytes 20/09/2010 18:57:39
AEBB.DLL : 8.1.1.0 53618 Bytes 20/09/2010 18:57:39
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:26
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:13:28
AVREP.DLL : 8.0.0.7 159784 Bytes 20/09/2010 18:57:46
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:39
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:10
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:33
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:52
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:56
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.73.0 87809 Bytes 02/11/2009 15:54:29

Configuración para el análisis actual:
Nombre de tarea...........................: Analizar el Sistema Completo
Fichero de configuración..................: c:\program files\avira\antivir desktop\sysscan.avp
Registro..................................: bajo
Acción principal..........................: interactivo
Acción secundaria.........................: omitir
Analizando sectores de arranque maestros..: activado
Analizando sectores de arranque...........: activado
Sectores de arranque......................: C:, D:,
Analizando programas activos..............: activado
Analizando registro.......................: activado
Búsqueda de rootkits......................: activado
Compr. integridad ficheros del sistema....: desactivado
Modo de análisis de ficheros..............: Todos los ficheros
Analizando archivos.......................: activado
Limitar nivel de recursividad.............: 20
Extensiones inteligentes de archivo.......: activado
Heurística de macrovirus..................: activado
Heurística de ficheros....................: medio
Categorías de riesgo divergentes..........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Comienzo del análisis: martes, 21 de septiembre de 2010 08:37

Comienza el análisis de existencia de objetos ocultos.
Se analizaron '98118' objetos, se encontraron '0' objetos ocultos.

Comienza el análisis de los procesos iniciados:
Analizando proceso 'plugin-container.exe' - se analizaron '1' módulos
Analizando proceso 'firefox.exe' - se analizaron '1' módulos
Analizando proceso 'avscan.exe' - se analizaron '1' módulos
Analizando proceso 'avscan.exe' - se analizaron '1' módulos
Analizando proceso 'avcenter.exe' - se analizaron '1' módulos
Analizando proceso 'HPHC_Service.exe' - se analizaron '1' módulos
Analizando proceso 'Com4QLBEx.exe' - se analizaron '1' módulos
Analizando proceso 'conime.exe' - se analizaron '1' módulos
Analizando proceso 'ApntEx.exe' - se analizaron '1' módulos
Analizando proceso 'ApMsgFwd.exe' - se analizaron '1' módulos
Analizando proceso 'WmiPrvSE.exe' - se analizaron '1' módulos
Analizando proceso 'hpqwmiex.exe' - se analizaron '1' módulos
Analizando proceso 'ehmsas.exe' - se analizaron '1' módulos
Analizando proceso 'ehtray.exe' - se analizaron '1' módulos
Analizando proceso 'avgnt.exe' - se analizaron '1' módulos
Analizando proceso 'hpwuSchd2.exe' - se analizaron '1' módulos
Analizando proceso 'cfp.exe' - se analizaron '1' módulos
Analizando proceso 'QLBCTRL.exe' - se analizaron '1' módulos
Analizando proceso 'Apoint.exe' - se analizaron '1' módulos
Analizando proceso 'explorer.exe' - se analizaron '1' módulos
Analizando proceso 'taskeng.exe' - se analizaron '1' módulos
Analizando proceso 'dwm.exe' - se analizaron '1' módulos
Analizando proceso 'taskeng.exe' - se analizaron '1' módulos
Analizando proceso 'SearchIndexer.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'RichVideo.exe' - se analizaron '1' módulos
Analizando proceso 'BLService.exe' - se analizaron '1' módulos
Analizando proceso 'QPSched.exe' - se analizaron '1' módulos
Analizando proceso 'QPCapSvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'rundll32.exe' - se analizaron '1' módulos
Analizando proceso 'NBService.exe' - se analizaron '1' módulos
Analizando proceso 'MDM.EXE' - se analizaron '1' módulos
Analizando proceso 'McSACore.exe' - se analizaron '1' módulos
Analizando proceso 'LSSrvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'avguard.exe' - se analizaron '1' módulos
Analizando proceso 'agrsmsvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'sched.exe' - se analizaron '1' módulos
Analizando proceso 'spoolsv.exe' - se analizaron '1' módulos
Analizando proceso 'nvvsvc.exe' - se analizaron '1' módulos
Analizando proceso 'hpservice.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'SLsvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'audiodg.exe' - se analizaron '0' módulos
Analizando proceso 'stacsv.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'cmdagent.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'nvvsvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'winlogon.exe' - se analizaron '1' módulos
Analizando proceso 'lsm.exe' - se analizaron '1' módulos
Analizando proceso 'lsass.exe' - se analizaron '1' módulos
Analizando proceso 'services.exe' - se analizaron '1' módulos
Analizando proceso 'csrss.exe' - se analizaron '1' módulos
Analizando proceso 'wininit.exe' - se analizaron '1' módulos
Analizando proceso 'csrss.exe' - se analizaron '1' módulos
Analizando proceso 'smss.exe' - se analizaron '1' módulos
Se analizaron '65' procesos con '65' módulos

Comienza el análisis de los sectores de arranque maestros:
Sector de arranque maestro HD0
[INFORMACIÓN] No se encontraron virus.

Comienza el análisis de los sectores de arranque:
Sector de arranque 'C:\'
[INFORMACIÓN] No se encontraron virus.
Sector de arranque 'D:\'
[INFORMACIÓN] No se encontraron virus.

Se inicia el análisis de las referencias a ficheros ejecutables (registro):
Se analizó el registro ( '38' ficheros ).


Comienza el análisis de los ficheros seleccionados:

Comenzando el análisis en 'C:\'
C:\hiberfil.sys
[ADVERTENCIA] No se pudo abrir el fichero.
[NOTA] Este fichero es un fichero del sistema Windows.
[NOTA] Es correcto que este fichero no se pueda abrir para el análisis.
C:\pagefile.sys
[ADVERTENCIA] No se pudo abrir el fichero.
[NOTA] Este fichero es un fichero del sistema Windows.
[NOTA] Es correcto que este fichero no se pueda abrir para el análisis.
C:\Users\Declan\Desktop\RECENT ITEMS\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Keygen5+Activate.exe
[DETECCIÓN] Se trata del troyano TR/PWS.QQpass.2455
C:\Users\Declan\Programs\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Keygen5+Activate.exe
[DETECCIÓN] Se trata del troyano TR/PWS.QQpass.2455
Comenzando el análisis en 'D:\' <HP_RECOVERY>

Iniciando la desinfección:
C:\Users\Declan\Desktop\RECENT ITEMS\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Keygen5+Activate.exe
[DETECCIÓN] Se trata del troyano TR/PWS.QQpass.2455
[ADVERTENCIA] Error al intentar crear una copia de seguridad del fichero y éste no se ha eliminado. Número de error: 26004
[ADVERTENCIA] No se pudo encontrar el fichero de origen.
[NOTA] Se intenta ejecutar la acción con ayuda de la biblioteca ARK.
[ADVERTENCIA] Error en la biblioteca ARK
[NOTA] El fichero se marcó para eliminar tras el reinicio.
C:\Users\Declan\Programs\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Keygen5+Activate.exe
[DETECCIÓN] Se trata del troyano TR/PWS.QQpass.2455
[NOTA] El fichero se movió al directorio de cuarentena usando el nombre '4d116631.qua'.


Fin del análisis: martes, 21 de septiembre de 2010 09:59
Tiempo requerido: 1:18:35 Horas

El análisis se ejecutó por completo.

24575 Se analizaron las carpetas
983443 Ficheros analizados
2 Virus o programas no deseados detectados
0 Ficheros clasificados como sospechosos
0 Ficheros eliminados
0 Virus o programas no deseados reparados
1 Los ficheros se movieron a cuarentena
0 Se cambió el nombre de los ficheros
2 No se pudieron analizar los ficheros
983439 Ficheros no concernidos
5422 Se analizaron los archivos
3 Advertencias
4 Notas
98118 Los objetos se analizaron con el análisis de rootkits
0 Se detectaron objetos ocultos








Avira AntiVir Personal
Fecha de creación del fichero de informe: martes, 21 de septiembre de 2010 12:24

Analizando cepas de virus de 2859336.

Titular de la licencia : Avira AntiVir Personal - FREE Antivirus
Número de serie : 0000149996-ADJIE-0000001
Plataforma : Windows Vista
Versión de Windows : (Service Pack 2) [6.0.6002]
Modo de arranque : Arranque normal
Nombre de usuario : SYSTEM
Nombre del equipo : DECLAN-PC

Información de versión:
BUILD.DAT : 9.0.0.17 21585 Bytes 09/06/2010 11:57:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:25:41
AVSCAN.DLL : 9.0.3.0 47361 Bytes 03/03/2009 13:56:12
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:04
LUKERES.DLL : 9.0.2.0 13057 Bytes 03/03/2009 13:56:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:57:04
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 18:57:09
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 18:57:11
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 18:57:14
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 18:57:18
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 18:57:22
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 18:57:30
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 18:57:36
VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 18:57:36
VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 18:57:36
VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 18:57:36
VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 18:57:36
VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 18:57:36
VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 18:57:37
VBASE015.VDF : 7.10.11.203 2048 Bytes 18/09/2010 18:57:37
VBASE016.VDF : 7.10.11.204 2048 Bytes 18/09/2010 18:57:37
VBASE017.VDF : 7.10.11.205 2048 Bytes 18/09/2010 18:57:37
VBASE018.VDF : 7.10.11.206 2048 Bytes 18/09/2010 18:57:37
VBASE019.VDF : 7.10.11.207 2048 Bytes 18/09/2010 18:57:38
VBASE020.VDF : 7.10.11.208 2048 Bytes 18/09/2010 18:57:38
VBASE021.VDF : 7.10.11.209 2048 Bytes 18/09/2010 18:57:38
VBASE022.VDF : 7.10.11.210 2048 Bytes 18/09/2010 18:57:38
VBASE023.VDF : 7.10.11.211 2048 Bytes 18/09/2010 18:57:38
VBASE024.VDF : 7.10.11.212 2048 Bytes 18/09/2010 18:57:38
VBASE025.VDF : 7.10.11.213 2048 Bytes 18/09/2010 18:57:38
VBASE026.VDF : 7.10.11.214 2048 Bytes 18/09/2010 18:57:38
VBASE027.VDF : 7.10.11.215 2048 Bytes 18/09/2010 18:57:38
VBASE028.VDF : 7.10.11.216 2048 Bytes 18/09/2010 18:57:38
VBASE029.VDF : 7.10.11.217 2048 Bytes 18/09/2010 18:57:38
VBASE030.VDF : 7.10.11.218 2048 Bytes 18/09/2010 18:57:38
VBASE031.VDF : 7.10.11.228 87040 Bytes 20/09/2010 18:57:39
Versión del motor : 8.2.4.58
AEVDF.DLL : 8.1.2.1 106868 Bytes 20/09/2010 18:57:45
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 20/09/2010 18:57:45
AESCN.DLL : 8.1.6.1 127347 Bytes 20/09/2010 18:57:44
AESBX.DLL : 8.1.3.1 254324 Bytes 20/09/2010 18:57:45
AERDL.DLL : 8.1.9.0 631156 Bytes 20/09/2010 18:57:44
AEPACK.DLL : 8.2.3.7 471413 Bytes 20/09/2010 18:57:43
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 20/09/2010 18:57:43
AEHEUR.DLL : 8.1.2.26 2916727 Bytes 20/09/2010 18:57:43
AEHELP.DLL : 8.1.13.3 242038 Bytes 20/09/2010 18:57:40
AEGEN.DLL : 8.1.3.22 401780 Bytes 20/09/2010 18:57:40
AEEMU.DLL : 8.1.2.0 393588 Bytes 20/09/2010 18:57:40
AECORE.DLL : 8.1.16.2 192887 Bytes 20/09/2010 18:57:39
AEBB.DLL : 8.1.1.0 53618 Bytes 20/09/2010 18:57:39
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:26
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:13:28
AVREP.DLL : 8.0.0.7 159784 Bytes 20/09/2010 18:57:46
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:39
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:10
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:33
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:52
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:56
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.73.0 87809 Bytes 02/11/2009 15:54:29

Configuración para el análisis actual:
Nombre de tarea...........................: Analizar el Sistema Completo
Fichero de configuración..................: c:\program files\avira\antivir desktop\sysscan.avp
Registro..................................: bajo
Acción principal..........................: interactivo
Acción secundaria.........................: omitir
Analizando sectores de arranque maestros..: activado
Analizando sectores de arranque...........: activado
Sectores de arranque......................: C:, D:,
Analizando programas activos..............: activado
Analizando registro.......................: activado
Búsqueda de rootkits......................: activado
Compr. integridad ficheros del sistema....: desactivado
Modo de análisis de ficheros..............: Todos los ficheros
Analizando archivos.......................: activado
Limitar nivel de recursividad.............: 20
Extensiones inteligentes de archivo.......: activado
Heurística de macrovirus..................: activado
Heurística de ficheros....................: medio
Categorías de riesgo divergentes..........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Comienzo del análisis: martes, 21 de septiembre de 2010 12:24

Comienza el análisis de existencia de objetos ocultos.
Se analizaron '98129' objetos, se encontraron '0' objetos ocultos.

Comienza el análisis de los procesos iniciados:
Analizando proceso 'HPHC_Service.exe' - se analizaron '1' módulos
Analizando proceso 'mcupdate.exe' - se analizaron '1' módulos
Analizando proceso 'taskeng.exe' - se analizaron '1' módulos
Analizando proceso 'taskeng.exe' - se analizaron '1' módulos
Analizando proceso 'conime.exe' - se analizaron '1' módulos
Analizando proceso 'ApntEx.exe' - se analizaron '1' módulos
Analizando proceso 'Com4QLBEx.exe' - se analizaron '1' módulos
Analizando proceso 'ApMsgFwd.exe' - se analizaron '1' módulos
Analizando proceso 'WmiPrvSE.exe' - se analizaron '1' módulos
Analizando proceso 'hpqwmiex.exe' - se analizaron '1' módulos
Analizando proceso 'avscan.exe' - se analizaron '1' módulos
Analizando proceso 'avscan.exe' - se analizaron '1' módulos
Analizando proceso 'avcenter.exe' - se analizaron '1' módulos
Analizando proceso 'ehmsas.exe' - se analizaron '1' módulos
Analizando proceso 'ehtray.exe' - se analizaron '1' módulos
Analizando proceso 'avgnt.exe' - se analizaron '1' módulos
Analizando proceso 'hpwuSchd2.exe' - se analizaron '1' módulos
Analizando proceso 'cfp.exe' - se analizaron '1' módulos
Analizando proceso 'QLBCTRL.exe' - se analizaron '1' módulos
Analizando proceso 'Apoint.exe' - se analizaron '1' módulos
Analizando proceso 'explorer.exe' - se analizaron '1' módulos
Analizando proceso 'taskeng.exe' - se analizaron '1' módulos
Analizando proceso 'dwm.exe' - se analizaron '1' módulos
Analizando proceso 'taskeng.exe' - se analizaron '1' módulos
Analizando proceso 'SearchIndexer.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'RichVideo.exe' - se analizaron '1' módulos
Analizando proceso 'BLService.exe' - se analizaron '1' módulos
Analizando proceso 'QPSched.exe' - se analizaron '1' módulos
Analizando proceso 'QPCapSvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'rundll32.exe' - se analizaron '1' módulos
Analizando proceso 'NBService.exe' - se analizaron '1' módulos
Analizando proceso 'MDM.EXE' - se analizaron '1' módulos
Analizando proceso 'McSACore.exe' - se analizaron '1' módulos
Analizando proceso 'LSSrvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'avguard.exe' - se analizaron '1' módulos
Analizando proceso 'agrsmsvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'sched.exe' - se analizaron '1' módulos
Analizando proceso 'spoolsv.exe' - se analizaron '1' módulos
Analizando proceso 'nvvsvc.exe' - se analizaron '1' módulos
Analizando proceso 'hpservice.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'SLsvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'audiodg.exe' - se analizaron '0' módulos
Analizando proceso 'stacsv.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'winlogon.exe' - se analizaron '1' módulos
Analizando proceso 'cmdagent.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'nvvsvc.exe' - se analizaron '1' módulos
Analizando proceso 'svchost.exe' - se analizaron '1' módulos
Analizando proceso 'lsm.exe' - se analizaron '1' módulos
Analizando proceso 'lsass.exe' - se analizaron '1' módulos
Analizando proceso 'services.exe' - se analizaron '1' módulos
Analizando proceso 'csrss.exe' - se analizaron '1' módulos
Analizando proceso 'wininit.exe' - se analizaron '1' módulos
Analizando proceso 'csrss.exe' - se analizaron '1' módulos
Analizando proceso 'smss.exe' - se analizaron '1' módulos
Se analizaron '68' procesos con '68' módulos

Comienza el análisis de los sectores de arranque maestros:
Sector de arranque maestro HD0
[INFORMACIÓN] No se encontraron virus.

Comienza el análisis de los sectores de arranque:
Sector de arranque 'C:\'
[INFORMACIÓN] No se encontraron virus.
Sector de arranque 'D:\'
[INFORMACIÓN] No se encontraron virus.

Se inicia el análisis de las referencias a ficheros ejecutables (registro):
Se analizó el registro ( '38' ficheros ).


Comienza el análisis de los ficheros seleccionados:

Comenzando el análisis en 'C:\'
C:\hiberfil.sys
[ADVERTENCIA] No se pudo abrir el fichero.
[NOTA] Este fichero es un fichero del sistema Windows.
[NOTA] Es correcto que este fichero no se pueda abrir para el análisis.
C:\pagefile.sys
[ADVERTENCIA] No se pudo abrir el fichero.
[NOTA] Este fichero es un fichero del sistema Windows.
[NOTA] Es correcto que este fichero no se pueda abrir para el análisis.
Comenzando el análisis en 'D:\' <HP_RECOVERY>


Fin del análisis: martes, 21 de septiembre de 2010 13:40
Tiempo requerido: 1:15:02 Horas

El análisis se ejecutó por completo.

24576 Se analizaron las carpetas
983460 Ficheros analizados
0 Virus o programas no deseados detectados
0 Ficheros clasificados como sospechosos
0 Ficheros eliminados
0 Virus o programas no deseados reparados
0 Los ficheros se movieron a cuarentena
0 Se cambió el nombre de los ficheros
2 No se pudieron analizar los ficheros
983458 Ficheros no concernidos
5422 Se analizaron los archivos
2 Advertencias
2 Notas
98129 Los objetos se analizaron con el análisis de rootkits
0 Se detectaron objetos ocultos
  • 0
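The two Avira reports above are in Spanish, and the first one shows a detection that was only half remediated (backup error 26004, file marked for deletion at reboot) next to one that was moved to quarantine. As an added example that is not part of this thread or of any tool mentioned in it, here is a small Python parser for reports in this format: it pulls out each [DETECCIÓN] entry with its path, threat name and remediation outcome, reads the summary counters, and lists the findings that still need follow-up after a reboot. The sample input is an excerpt of the first report above, embedded so the code runs offline; the outcome names, the summary label-to-key mapping and the assumption that a line starting with a drive letter names the file that the following tags refer to are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Excerpt of the first Avira AntiVir report posted above (Spanish UI), embedded
# here as sample input so the example runs offline.
SAMPLE_REPORT = r"""
Comenzando el análisis en 'C:\'
C:\hiberfil.sys
[ADVERTENCIA] No se pudo abrir el fichero.
[NOTA] Este fichero es un fichero del sistema Windows.
C:\Users\Declan\Desktop\RECENT ITEMS\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Keygen5+Activate.exe
[DETECCIÓN] Se trata del troyano TR/PWS.QQpass.2455
C:\Users\Declan\Programs\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Keygen5+Activate.exe
[DETECCIÓN] Se trata del troyano TR/PWS.QQpass.2455
Comenzando el análisis en 'D:\' <HP_RECOVERY>

Iniciando la desinfección:
C:\Users\Declan\Desktop\RECENT ITEMS\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Keygen5+Activate.exe
[DETECCIÓN] Se trata del troyano TR/PWS.QQpass.2455
[ADVERTENCIA] Error al intentar crear una copia de seguridad del fichero y éste no se ha eliminado. Número de error: 26004
[ADVERTENCIA] No se pudo encontrar el fichero de origen.
[NOTA] Se intenta ejecutar la acción con ayuda de la biblioteca ARK.
[ADVERTENCIA] Error en la biblioteca ARK
[NOTA] El fichero se marcó para eliminar tras el reinicio.
C:\Users\Declan\Programs\Nero.v8.2.8.0_ES.Trial+Keys_leian1306\Keygen5+Activate.exe
[DETECCIÓN] Se trata del troyano TR/PWS.QQpass.2455
[NOTA] El fichero se movió al directorio de cuarentena usando el nombre '4d116631.qua'.

Fin del análisis: martes, 21 de septiembre de 2010 09:59

2 Virus o programas no deseados detectados
0 Ficheros eliminados
1 Los ficheros se movieron a cuarentena
"""

# Assumption: a line starting with a drive letter names the file that the
# following [DETECCIÓN]/[ADVERTENCIA]/[NOTA] lines refer to.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^\[DETECCIÓN\]\s+(?:Se trata del troyano\s+)?(.+?)\s*$")
QUAR_RE = re.compile(r"cuarentena usando el nombre '([^']+)'")
ERR_RE = re.compile(r"Número de error: (\d+)")
SUMMARY_RE = re.compile(r"^(\d+)\s+(.+?)\s*$")

# Summary labels from the Spanish report mapped to stable keys (my mapping).
SUMMARY_LABELS = {
    "Virus o programas no deseados detectados": "detected",
    "Ficheros eliminados": "deleted",
    "Los ficheros se movieron a cuarentena": "quarantined",
}


@dataclass
class Finding:
    path: str
    threat: str
    outcome: str = "unresolved"          # quarantined / delete_on_reboot / unresolved
    quarantine_name: Optional[str] = None
    error_codes: List[str] = field(default_factory=list)


def parse_report(text: str) -> Dict:
    """Return detections (in first-seen order) and the mapped summary counters."""
    findings: Dict[str, Finding] = {}
    summary: Dict[str, int] = {}
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            # The same path appears again in the disinfection section, so reuse it.
            current = findings.setdefault(line, Finding(path=line, threat=""))
            continue
        m = DETECT_RE.match(line)
        if m and current is not None:
            current.threat = m.group(1)
            continue
        if current is not None:
            m = QUAR_RE.search(line)
            if m:
                current.outcome = "quarantined"
                current.quarantine_name = m.group(1)
                continue
            if "marcó para eliminar tras el reinicio" in line:
                current.outcome = "delete_on_reboot"
                continue
            m = ERR_RE.search(line)
            if m:
                current.error_codes.append(m.group(1))
                continue
        m = SUMMARY_RE.match(line)
        if m and m.group(2) in SUMMARY_LABELS:
            summary[SUMMARY_LABELS[m.group(2)]] = int(m.group(1))
    detections = [f for f in findings.values() if f.threat]
    return {"detections": detections, "summary": summary}


def needs_followup(report: Dict) -> List[Finding]:
    """Detections the scanner did not quarantine: still on disk until reboot, or failed."""
    return [f for f in report["detections"] if f.outcome != "quarantined"]


def summary_consistent(report: Dict) -> bool:
    """Cross-check the summary counters against the per-file entries."""
    s = report["summary"]
    quarantined = sum(1 for f in report["detections"] if f.outcome == "quarantined")
    return s.get("detected") == len(report["detections"]) and s.get("quarantined", 0) == quarantined


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for f in rep["detections"]:
        print(f.outcome, f.threat, f.path, f.error_codes)
    print("follow-up needed:", [f.path for f in needs_followup(rep)])
    print("summary matches entries:", summary_consistent(rep))
```

Run against the excerpt, the parser reports two detections of the same threat, one quarantined as 4d116631.qua and one left for deletion at reboot with error 26004; the summary counters (2 detected, 0 deleted, 1 quarantined) agree with the per-file entries, and the follow-up list names the Desktop copy, which is the file to confirm is gone after the reboot.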

#10
RKinner

    Malware Expert
We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...&st=0&sk=t&sd=a
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, right click on Command Prompt and select Run As Administrator:
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 18.1 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://oldmcdonald.w...orun-eater-v25/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron