Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32/cycbot.b backdoor - removal?


  • Please log in to reply

#1
praxidice

praxidice

    Member

  • Member
  • PipPipPip
  • 164 posts
Hello,

My Windows Defender popped up with two notifications for Win32/cycbot.b infection. I selected Quarantine and Remove. The first one listed said that it was successfully removed, but the second one listed said there was an error.

Then the internet stopped working, saying that my browser had been redirected to a proxy server.

I disconnected from the internet immediately.

I am afraid to transfer files between my two laptops and I don't want to reconnect to the internet to download the latest version of OTL. How should I go about this? Is it okay to download OTL (and any other programs) and transfer via a flash drive? That seems risky to me.

So, I'm not posting an OTL log because I'm not sure if it's safe to transfer files. I would appreciate any advice on this front.

Thank you very much!
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
What usually happens is the malware sets up a proxy on your computer. Then it forces IE or Firefox to send all traffic going to the internet to the proxy. Since it's a malware proxy it picks and chooses what goes to the internet and keeps you from going to certain anti-malware sites and perhaps sends copies of interesting traffic like passwords and credit cards to another address for harvesting. MBAM or your anti-malware software knows the proxy software is malware so removes it but doesn't realize that it's also a proxy so doesn't change the proxy settings on IE and FF. So now IE or Firefox still sends traffic to the proxy but there is no proxy so it doesn't go anywhere and you have lost connectivity to the internet.

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.


Any better? If so follow the guidelines in the top post of the Malware Removal forum
http://www.geekstogo...uide-t2852.html
and post your logs. If not let me know and we will try a few other things.


If you must use a USB drive to transfer files then on the good PC:
Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Also want to install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.

Ron
  • 0

#3
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Thank you! That's exactly what I needed to know. I will follow your instructions later today and hopefully post a response by this evening (my time).
  • 0

#4
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi there!

The internet is working now.

After I followed your instructions, Zone Alarm popped up and said that there was a new network, and asked if it was home or public. I checked the network connections and I only see mine. So, is it okay to tell ZA that it's Home, or do I need to be concerned about that?

I also ran MBAM, Avira, and Windows Defender. MBAM had a few bugs that didn't seem to be related and were apparently no problem to remove.

Should I only be running one or the other between Avira and WinDefender?

Below is the OTL log. Sorry for all the questions!

Thanks...

OTL

OTL logfile created on: 7/13/2011 9:04:51 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 73.66% Memory free
7.81 Gb Paging File | 6.11 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.04 Gb Total Space | 88.57 Gb Free Space | 31.40% Space Free | Partition Type: NTFS
Drive D: | 15.86 Gb Total Space | 2.60 Gb Free Space | 16.37% Space Free | Partition Type: NTFS

Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2011/06/28 13:43:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 23:43:15 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/28 19:01:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 10:04:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/12/01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/11/22 16:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/29 11:53:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/03 03:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2011/06/28 13:43:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 19:01:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/07/16 16:20:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 03:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 13:43:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 13:43:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/06 13:01:50 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/08/11 21:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/08/10 11:35:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/08/10 11:35:08 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/10 11:33:17 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/22 16:44:24 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/10/09 19:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 15:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/12 19:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/11/07 14:15:40 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2002/07/17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://osn-lbpx2.ets.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.startup.homepage: "www.gmail.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/24 11:31:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/02 18:19:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/08/03 14:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010/12/11 23:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/13 17:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/15 15:17:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/08/03 14:22:07 | 000,000,000 | ---D | M]

[2010/11/18 22:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions
[2011/06/25 23:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions
[2011/06/25 23:34:33 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/06/21 23:21:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/24 21:01:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\[email protected]
[2011/04/12 12:17:57 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\[email protected]
[2011/07/13 17:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/07 17:29:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 13:57:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/18 22:30:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/11/25 22:44:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [conhost] File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - File not found
O9 - Extra 'Tools' menuitem : Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{819acd00-ea90-11df-8884-002622b5607b}\Shell - "" = AutoRun
O33 - MountPoints2\{819acd00-ea90-11df-8884-002622b5607b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cfad7e1d-911e-11df-8c9f-002622b5607b}\Shell - "" = AutoRun
O33 - MountPoints2\{cfad7e1d-911e-11df-8c9f-002622b5607b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 13:23:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011/07/11 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Audio)
[2011/07/09 13:47:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{D4D77111-E332-450C-BDB6-359D36F99213}
[2011/07/09 13:47:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{163DEACF-0273-40AF-BAF1-9B3C3FC15609}
[2011/06/24 22:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/24 20:04:51 | 000,000,000 | ---D | C] -- C:\output media
[2011/06/24 17:30:33 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{1CE163F5-0E97-4478-8353-9BB6EDA81BEF}
[2011/06/24 17:13:03 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/06/24 17:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/24 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/24 16:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Convert MPEG WMV to MP4 FLV AVI Converter
[2011/06/24 16:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Convert MPEG WMV to MP4 FLV AVI Converter
[2011/06/24 16:55:25 | 000,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011/06/24 16:55:20 | 000,081,920 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2011/06/24 16:55:19 | 000,683,520 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx.dll
[2011/06/17 07:46:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Win7codecs
[2011/06/17 07:43:45 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Downloads
[2011/06/17 00:16:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Media Player Classic
[2011/06/16 22:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/06/16 22:49:33 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011/06/16 22:49:33 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011/06/16 22:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011/06/16 08:29:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/15 16:21:23 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\ElevatedDiagnostics
[2011/06/15 16:02:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/06/15 16:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/06/15 16:01:38 | 000,000,000 | ---D | C] -- C:\b6643a03c200bb4edc4adad297125a
[2011/06/15 15:16:40 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2011/06/15 14:52:06 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\BBC Mother Tongue
[2011/06/15 14:14:04 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Downloads in progress
[2011/06/14 14:58:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Windows Live
[2010/11/27 23:02:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files (x86)\TFC.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/13 20:48:08 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/13 20:29:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/13 17:15:14 | 000,002,012 | ---- | M] () -- C:\Users\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/13 17:07:00 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/13 17:07:00 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/13 16:59:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/13 16:58:35 | 3144,908,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011/07/11 19:41:08 | 000,002,316 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\86D0.A76
[2011/07/11 13:38:31 | 004,344,964 | ---- | M] () -- C:\Users\XXX\Desktop\working-abroad.pdf
[2011/07/11 13:32:49 | 000,004,078 | ---- | M] () -- C:\Users\XXX\Desktop\Books - Shortcut.lnk
[2011/07/10 16:08:15 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/10 16:08:15 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/10 16:08:15 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/08 16:31:01 | 001,327,301 | ---- | M] () -- C:\Users\XXX\Desktop\esl-productivity-secrets.pdf
[2011/07/08 16:17:44 | 006,828,643 | ---- | M] () -- C:\Users\XXX\Desktop\into to lang.pdf
[2011/07/05 22:28:36 | 000,264,269 | ---- | M] () -- C:\Users\XXX\Desktop\Adam Eisenberg E2 visa.pdf
[2011/07/03 15:42:23 | 000,031,144 | ---- | M] () -- C:\Users\XXX\Desktop\Brown Paper Tickets - The fair-trade ticketing company.pdf
[2011/06/29 10:50:32 | 003,038,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/28 13:43:08 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/06/28 13:43:08 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/06/28 13:38:51 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForXXX.job
[2011/06/24 17:10:25 | 000,000,020 | ---- | M] () -- C:\Windows\x
[2011/06/24 16:56:57 | 000,000,034 | -H-- | M] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/06/20 15:39:23 | 000,004,096 | -H-- | M] () -- C:\Users\XXX\AppData\Local\keyfile3.drm
[2011/06/17 07:45:56 | 000,036,734 | ---- | M] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 19:37:40 | 000,002,316 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\86D0.A76
[2011/07/11 13:38:29 | 004,344,964 | ---- | C] () -- C:\Users\XXX\Desktop\working-abroad.pdf
[2011/07/11 13:32:49 | 000,004,078 | ---- | C] () -- C:\Users\XXX\Desktop\Books - Shortcut.lnk
[2011/07/08 16:31:01 | 001,327,301 | ---- | C] () -- C:\Users\XXX\Desktop\esl-productivity-secrets.pdf
[2011/07/08 16:17:40 | 006,828,643 | ---- | C] () -- C:\Users\XXX\Desktop\into to lang.pdf
[2011/07/05 22:28:35 | 000,264,269 | ---- | C] () -- C:\Users\XXX\Desktop\Adam Eisenberg E2 visa.pdf
[2011/07/03 15:42:23 | 000,031,144 | ---- | C] () -- C:\Users\XXX\Desktop\Brown Paper Tickets - The fair-trade ticketing company.pdf
[2011/06/24 17:12:10 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/24 17:11:01 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/24 17:10:22 | 000,000,020 | ---- | C] () -- C:\Windows\x
[2011/06/24 16:56:57 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/06/24 16:56:40 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Free Convert MPEG WMV to MP4 FLV AVI Converter.lnk
[2011/06/24 16:55:25 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011/06/24 16:55:20 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/06/20 15:39:23 | 000,004,096 | -H-- | C] () -- C:\Users\XXX\AppData\Local\keyfile3.drm
[2011/06/17 07:45:56 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2011/06/15 14:10:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/12/23 22:11:37 | 000,001,854 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\GhostObjGAFix.xml
[2010/12/11 20:33:56 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/12/06 17:44:18 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/11/30 15:56:41 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/28 23:34:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/24 22:03:12 | 000,006,656 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 13:40:50 | 002,347,340 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpFROM MOM'S CAMERA 8-2010 193.JPG
[2010/08/25 15:57:16 | 000,552,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2609.0
[2010/08/25 15:57:16 | 000,425,833 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2609.JPG
[2010/08/25 15:55:47 | 000,585,872 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2608.0
[2010/08/25 15:55:47 | 000,477,029 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2608.JPG
[2010/08/25 15:55:16 | 000,604,540 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2607.0
[2010/08/25 15:55:16 | 000,485,343 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2607.JPG
[2010/08/25 15:54:13 | 000,604,532 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2606.0
[2010/08/25 15:54:13 | 000,480,148 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2606.JPG
[2010/08/25 15:52:51 | 000,568,880 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2605.0
[2010/08/25 15:52:51 | 000,457,293 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2605.JPG
[2010/08/25 15:52:09 | 000,681,992 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2604.0
[2010/08/25 15:52:09 | 000,507,189 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2604.JPG
[2010/08/25 15:50:03 | 000,895,180 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2602.0
[2010/08/25 15:50:03 | 000,671,106 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2602.JPG
[2010/08/25 15:49:40 | 000,853,644 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2601.0
[2010/08/25 15:49:40 | 000,641,213 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2601.JPG
[2010/08/25 15:47:05 | 000,489,252 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2593.0
[2010/08/25 15:47:05 | 000,385,084 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2593.JPG
[2010/08/10 11:35:15 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/08 08:12:25 | 000,254,990 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300008.0
[2010/08/08 08:12:25 | 000,112,309 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300008.JPG
[2010/08/08 08:11:19 | 000,231,699 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300009.0
[2010/08/08 08:11:19 | 000,097,579 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300009.JPG
[2010/07/29 12:44:31 | 000,007,030 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpCOUCH.JPG
[2010/07/29 12:44:31 | 000,004,662 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpCOUCH.0
[2010/07/26 10:13:40 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/23 12:35:52 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 12:35:52 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/16 10:08:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 12:14:52 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/06/03 12:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/06/03 12:14:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2007/11/14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2002/10/06 11:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002/10/04 16:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002/10/04 16:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== LOP Check ==========

[2010/11/27 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CheckPoint
[2011/04/13 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/16 00:14:40 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DigitalPersona
[2011/07/13 21:12:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2011/06/10 13:26:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\foobar2000
[2010/10/15 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FreeAudioPack
[2011/06/17 07:44:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GetRightToGo
[2011/06/18 13:55:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mapi2Xml
[2010/11/03 22:11:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OverDrive
[2010/11/30 09:36:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Philipp Winterberg
[2011/06/16 16:54:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\REAPER
[2010/07/18 21:57:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Steinberg
[2010/12/27 17:57:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Tencent
[2011/06/17 07:46:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Win7codecs
[2011/07/05 22:00:01 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#5
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi there. I am posting a more recent OTL log since I haven't heard back from you.

Here's my previous message -- Thanks!


````````
Hi there!

The internet is working now.

After I followed your instructions, Zone Alarm popped up and said that there was a new network, and asked if it was home or public. I checked the network connections and I only see mine. So, is it okay to tell ZA that it's Home, or do I need to be concerned about that?

I also ran MBAM, Avira, and Windows Defender. MBAM had a few bugs that didn't seem to be related and were apparently no problem to remove.

Should I only be running one or the other between Avira and WinDefender?

Below is the OTL log. Sorry for all the questions!

Thanks...

NEW OTL LOG

OTL logfile created on: 7/17/2011 7:07:36 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 22.55% Memory free
7.81 Gb Paging File | 3.63 Gb Available in Paging File | 46.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.04 Gb Total Space | 89.00 Gb Free Space | 31.56% Space Free | Partition Type: NTFS
Drive D: | 15.86 Gb Total Space | 2.58 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
Drive E: | 7.80 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2011/07/08 00:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 23:43:15 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/12/01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/11/22 16:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/08/29 11:53:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/03 03:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/16 16:20:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 03:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/06 13:01:50 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/08/11 21:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/08/10 11:35:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/08/10 11:35:08 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/10 11:33:17 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/22 16:44:24 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/10/09 19:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 15:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/12 19:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/11/07 14:15:40 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2002/07/17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://osn-lbpx2.ets.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.startup.homepage: "www.gmail.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/24 11:31:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/02 18:19:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/08/03 14:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/17 03:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010/12/11 23:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/13 17:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/15 15:17:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/08/03 14:22:07 | 000,000,000 | ---D | M]

[2010/11/18 22:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions
[2011/06/25 23:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions
[2011/06/25 23:34:33 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/06/21 23:21:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/24 21:01:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\[email protected]
[2011/04/12 12:17:57 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\[email protected]
[2011/07/13 17:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/07 17:29:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 13:57:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/18 22:30:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/17 03:29:32 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/11/25 22:44:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [conhost] File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - File not found
O9 - Extra 'Tools' menuitem : Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{819acd00-ea90-11df-8884-002622b5607b}\Shell - "" = AutoRun
O33 - MountPoints2\{819acd00-ea90-11df-8884-002622b5607b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cfad7e1d-911e-11df-8c9f-002622b5607b}\Shell - "" = AutoRun
O33 - MountPoints2\{cfad7e1d-911e-11df-8c9f-002622b5607b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 03:30:07 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/17 03:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/17 03:30:05 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/17 03:30:02 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/17 03:30:00 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/17 03:29:57 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/17 03:29:51 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/17 03:29:50 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/17 03:29:15 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/17 03:29:15 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/17 03:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/17 03:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/13 13:23:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011/07/11 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Audio)
[2011/07/09 13:47:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{D4D77111-E332-450C-BDB6-359D36F99213}
[2011/07/09 13:47:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{163DEACF-0273-40AF-BAF1-9B3C3FC15609}
[2011/06/24 22:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/24 20:04:51 | 000,000,000 | ---D | C] -- C:\output media
[2011/06/24 17:30:33 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{1CE163F5-0E97-4478-8353-9BB6EDA81BEF}
[2011/06/24 17:13:03 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/06/24 17:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/24 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/24 16:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Convert MPEG WMV to MP4 FLV AVI Converter
[2011/06/24 16:55:25 | 000,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011/06/24 16:55:20 | 000,081,920 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2011/06/24 16:55:19 | 000,683,520 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx.dll
[2010/11/27 23:02:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files (x86)\TFC.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 19:00:58 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 19:00:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/17 11:00:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 11:00:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 10:51:39 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 10:48:58 | 3144,908,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/17 03:29:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/14 21:00:00 | 000,001,253 | ---- | M] () -- C:\Users\XXX\Desktop\AVS4YOU Software Navigator.lnk
[2011/07/14 20:47:02 | 013,879,340 | ---- | M] () -- C:\Users\XXX\Documents\06 No Other Guy.wav
[2011/07/14 20:47:01 | 013,547,564 | ---- | M] () -- C:\Users\XXX\Documents\05 Paradiso Twist.wav
[2011/07/14 20:47:01 | 010,944,044 | ---- | M] () -- C:\Users\XXX\Documents\04 Don't Torture Me.wav
[2011/07/14 20:47:00 | 016,487,468 | ---- | M] () -- C:\Users\XXX\Documents\02 Now's The Time.wav
[2011/07/14 20:47:00 | 015,975,980 | ---- | M] () -- C:\Users\XXX\Documents\03 Jenny G.wav
[2011/07/14 20:46:59 | 014,916,140 | ---- | M] () -- C:\Users\XXX\Documents\01 Take Your Time Caroline.wav
[2011/07/14 08:55:52 | 003,038,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/13 17:15:14 | 000,002,012 | ---- | M] () -- C:\Users\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011/07/11 19:41:08 | 000,002,316 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\86D0.A76
[2011/07/11 13:38:31 | 004,344,964 | ---- | M] () -- C:\Users\XXX\Desktop\working-abroad.pdf
[2011/07/11 13:32:49 | 000,004,078 | ---- | M] () -- C:\Users\XXX\Desktop\Books - Shortcut.lnk
[2011/07/10 16:08:15 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/10 16:08:15 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/10 16:08:15 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/08 16:31:01 | 001,327,301 | ---- | M] () -- C:\Users\XXX\Desktop\esl-productivity-secrets.pdf
[2011/07/08 16:17:44 | 006,828,643 | ---- | M] () -- C:\Users\XXX\Desktop\into to lang.pdf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/05 22:28:36 | 000,264,269 | ---- | M] () -- C:\Users\XXX\Desktop\Adam Eisenberg E2 visa.pdf
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 04:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 04:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 04:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 04:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 04:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 04:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/03 15:42:23 | 000,031,144 | ---- | M] () -- C:\Users\XXX\Desktop\Brown Paper Tickets - The fair-trade ticketing company.pdf
[2011/06/28 13:38:51 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForXXX.job
[2011/06/24 17:10:25 | 000,000,020 | ---- | M] () -- C:\Windows\x
[2011/06/24 16:56:57 | 000,000,034 | -H-- | M] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/06/20 15:39:23 | 000,004,096 | -H-- | M] () -- C:\Users\XXX\AppData\Local\keyfile3.drm
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/17 03:29:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/07/14 21:00:00 | 000,001,253 | ---- | C] () -- C:\Users\XXX\Desktop\AVS4YOU Software Navigator.lnk
[2011/07/14 20:47:01 | 013,879,340 | ---- | C] () -- C:\Users\XXX\Documents\06 No Other Guy.wav
[2011/07/14 20:47:01 | 013,547,564 | ---- | C] () -- C:\Users\XXX\Documents\05 Paradiso Twist.wav
[2011/07/14 20:47:00 | 015,975,980 | ---- | C] () -- C:\Users\XXX\Documents\03 Jenny G.wav
[2011/07/14 20:47:00 | 010,944,044 | ---- | C] () -- C:\Users\XXX\Documents\04 Don't Torture Me.wav
[2011/07/14 20:46:59 | 016,487,468 | ---- | C] () -- C:\Users\XXX\Documents\02 Now's The Time.wav
[2011/07/14 20:46:59 | 014,916,140 | ---- | C] () -- C:\Users\XXX\Documents\01 Take Your Time Caroline.wav
[2011/07/11 19:37:40 | 000,002,316 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\86D0.A76
[2011/07/11 13:38:29 | 004,344,964 | ---- | C] () -- C:\Users\XXX\Desktop\working-abroad.pdf
[2011/07/11 13:32:49 | 000,004,078 | ---- | C] () -- C:\Users\XXX\Desktop\Books - Shortcut.lnk
[2011/07/08 16:31:01 | 001,327,301 | ---- | C] () -- C:\Users\XXX\Desktop\esl-productivity-secrets.pdf
[2011/07/08 16:17:40 | 006,828,643 | ---- | C] () -- C:\Users\XXX\Desktop\into to lang.pdf
[2011/07/05 22:28:35 | 000,264,269 | ---- | C] () -- C:\Users\XXX\Desktop\Adam Eisenberg E2 visa.pdf
[2011/07/03 15:42:23 | 000,031,144 | ---- | C] () -- C:\Users\XXX\Desktop\Brown Paper Tickets - The fair-trade ticketing company.pdf
[2011/06/24 17:12:10 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/24 17:11:01 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/24 17:10:22 | 000,000,020 | ---- | C] () -- C:\Windows\x
[2011/06/24 16:56:57 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/06/24 16:55:25 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011/06/24 16:55:20 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/06/20 15:39:23 | 000,004,096 | -H-- | C] () -- C:\Users\XXX\AppData\Local\keyfile3.drm
[2011/06/17 07:45:56 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2010/12/23 22:11:37 | 000,001,854 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\GhostObjGAFix.xml
[2010/12/11 20:33:56 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/12/06 17:44:18 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/11/30 15:56:41 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/28 23:34:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/24 22:03:12 | 000,006,656 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 13:40:50 | 002,347,340 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpFROM MOM'S CAMERA 8-2010 193.JPG
[2010/08/25 15:57:16 | 000,552,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2609.0
[2010/08/25 15:57:16 | 000,425,833 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2609.JPG
[2010/08/25 15:55:47 | 000,585,872 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2608.0
[2010/08/25 15:55:47 | 000,477,029 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2608.JPG
[2010/08/25 15:55:16 | 000,604,540 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2607.0
[2010/08/25 15:55:16 | 000,485,343 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2607.JPG
[2010/08/25 15:54:13 | 000,604,532 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2606.0
[2010/08/25 15:54:13 | 000,480,148 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2606.JPG
[2010/08/25 15:52:51 | 000,568,880 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2605.0
[2010/08/25 15:52:51 | 000,457,293 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2605.JPG
[2010/08/25 15:52:09 | 000,681,992 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2604.0
[2010/08/25 15:52:09 | 000,507,189 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2604.JPG
[2010/08/25 15:50:03 | 000,895,180 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2602.0
[2010/08/25 15:50:03 | 000,671,106 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2602.JPG
[2010/08/25 15:49:40 | 000,853,644 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2601.0
[2010/08/25 15:49:40 | 000,641,213 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2601.JPG
[2010/08/25 15:47:05 | 000,489,252 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2593.0
[2010/08/25 15:47:05 | 000,385,084 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2593.JPG
[2010/08/10 11:35:15 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/08 08:12:25 | 000,254,990 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300008.0
[2010/08/08 08:12:25 | 000,112,309 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300008.JPG
[2010/08/08 08:11:19 | 000,231,699 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300009.0
[2010/08/08 08:11:19 | 000,097,579 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300009.JPG
[2010/07/29 12:44:31 | 000,007,030 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpCOUCH.JPG
[2010/07/29 12:44:31 | 000,004,662 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpCOUCH.0
[2010/07/26 10:13:40 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/23 12:35:52 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 12:35:52 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/16 10:08:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 12:14:52 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/06/03 12:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/06/03 12:14:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2007/11/14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2002/10/06 11:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002/10/04 16:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002/10/04 16:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== LOP Check ==========

[2010/11/27 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CheckPoint
[2011/04/13 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/16 00:14:40 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DigitalPersona
[2011/07/17 10:52:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2011/06/10 13:26:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\foobar2000
[2010/10/15 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FreeAudioPack
[2011/06/17 07:44:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GetRightToGo
[2011/06/18 13:55:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mapi2Xml
[2010/11/03 22:11:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OverDrive
[2010/11/30 09:36:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Philipp Winterberg
[2011/06/16 16:54:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\REAPER
[2010/07/18 21:57:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Steinberg
[2010/12/27 17:57:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Tencent
[2011/06/17 07:46:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Win7codecs
[2011/07/05 22:00:01 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C765C323

< End of report >
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Sorry I guess I either didn't get notified or I lost it somewhere.

In answer to your questions:

After I followed your instructions, Zone Alarm popped up and said that there was a new network, and asked if it was home or public. I checked the network connections and I only see mine. So, is it okay to tell ZA that it's Home, or do I need to be concerned about that?

Assuming the network is the one at home then home is the correct choice.


Should I only be running one or the other between Avira and WinDefender? WinDefender can be run with any anti-virus.

Copy the text between the lines of stars by highlighting and Ctrl + c (Note if your username is not xxxx please change the following script so that it shows the correct username before you hit the Run Fix button.)


********************************************************************
:processes
killallprocesses


:OTL
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
[2011/06/25 23:34:33 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/03/24 21:01:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\[email protected]
[2010/09/21 13:57:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/18 22:30:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [conhost] File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - File not found
O9 - Extra 'Tools' menuitem : Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
[2011/07/09 13:47:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{D4D77111-E332-450C-BDB6-359D36F99213}
[2011/07/09 13:47:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{163DEACF-0273-40AF-BAF1-9B3C3FC15609}
[2011/06/24 17:30:33 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{1CE163F5-0E97-4478-8353-9BB6EDA81BEF}
[2011/07/11 19:41:08 | 000,002,316 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\86D0.A76
[2011/06/24 17:10:25 | 000,000,020 | ---- | M] () -- C:\Windows\xôŽ
[2011/06/24 16:56:57 | 000,000,034 | -H-- | M] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/06/20 15:39:23 | 000,004,096 | -H-- | M] () -- C:\Users\XXX\AppData\Local\keyfile3.drm

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

ComboFix

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted


:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click and Run As Administrator the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Ron
  • 0

#7
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Great! Here are all the logs.

OTL
OTL logfile created on: 7/17/2011 10:41:23 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.92% Memory free
7.81 Gb Paging File | 6.15 Gb Available in Paging File | 78.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.04 Gb Total Space | 89.24 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
Drive D: | 15.86 Gb Total Space | 2.58 Gb Free Space | 16.25% Space Free | Partition Type: NTFS

Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2011/07/08 00:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 23:43:15 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/12/01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/11/22 16:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/08/29 11:53:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/03 03:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/07/16 16:20:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 03:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/06 13:01:50 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/08/11 21:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/08/10 11:35:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/08/10 11:35:08 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/10 11:33:17 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/22 16:44:24 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/10/09 19:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 15:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/12 19:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/11/07 14:15:40 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2002/07/17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://osn-lbpx2.ets.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.startup.homepage: "www.gmail.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/24 11:31:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/02 18:19:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/08/03 14:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/17 03:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010/12/11 23:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/13 17:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/15 15:17:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/08/03 14:22:07 | 000,000,000 | ---D | M]

[2010/11/18 22:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Extensions
[2011/07/17 22:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions
[2011/06/21 23:21:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/12 12:17:57 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\extensions\[email protected]
[2011/07/17 22:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/07 17:29:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/07/17 03:29:32 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/11/25 22:44:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{819acd00-ea90-11df-8884-002622b5607b}\Shell - "" = AutoRun
O33 - MountPoints2\{819acd00-ea90-11df-8884-002622b5607b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cfad7e1d-911e-11df-8c9f-002622b5607b}\Shell - "" = AutoRun
O33 - MountPoints2\{cfad7e1d-911e-11df-8c9f-002622b5607b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 22:25:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/17 03:30:07 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/17 03:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/17 03:30:05 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/17 03:30:02 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/17 03:30:00 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/17 03:29:57 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/17 03:29:51 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/17 03:29:50 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/17 03:29:15 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/17 03:29:15 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/17 03:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/17 03:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/14 20:58:56 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2011/07/14 20:58:53 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxhw32.dll
[2011/07/13 17:06:22 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 17:06:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 17:06:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 17:06:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 17:06:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 17:06:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 17:06:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 17:06:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 17:06:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 17:06:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 17:06:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 17:06:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 17:06:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 17:06:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 17:06:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 17:06:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 17:06:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 17:06:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 13:28:44 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 13:28:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 13:28:41 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 13:28:41 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 13:28:40 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 13:28:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 13:28:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 13:28:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 13:28:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 13:28:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 13:28:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 13:28:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/13 13:23:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011/07/11 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Audio)
[2011/06/28 13:49:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/28 13:49:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/28 13:49:23 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/28 13:49:22 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/28 13:49:22 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/28 13:49:21 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/28 13:49:21 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/28 13:49:20 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/28 13:49:20 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/28 13:49:20 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/28 13:49:20 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/28 13:49:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/28 13:49:20 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/28 13:49:20 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/28 13:49:19 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/28 13:49:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/24 22:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/24 20:04:51 | 000,000,000 | ---D | C] -- C:\output media
[2011/06/24 17:13:03 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/06/24 17:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/24 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/24 16:57:09 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/06/24 16:57:09 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/06/24 16:57:05 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/06/24 16:57:05 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/06/24 16:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Convert MPEG WMV to MP4 FLV AVI Converter
[2011/06/24 16:55:25 | 000,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011/06/24 16:55:20 | 000,081,920 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2011/06/24 16:55:19 | 000,683,520 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx.dll
[2011/06/24 16:52:30 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011/06/24 16:52:30 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2011/06/24 16:52:30 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2011/06/24 16:52:29 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2010/11/27 23:02:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files (x86)\TFC.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 22:48:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 22:41:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 22:41:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 22:28:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 22:27:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/17 22:27:09 | 3144,908,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/17 03:29:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/14 20:47:02 | 013,879,340 | ---- | M] () -- C:\Users\XXX\Documents\06 No Other Guy.wav
[2011/07/14 20:47:01 | 013,547,564 | ---- | M] () -- C:\Users\XXX\Documents\05 Paradiso Twist.wav
[2011/07/14 20:47:01 | 010,944,044 | ---- | M] () -- C:\Users\XXX\Documents\04 Don't Torture Me.wav
[2011/07/14 20:47:00 | 016,487,468 | ---- | M] () -- C:\Users\XXX\Documents\02 Now's The Time.wav
[2011/07/14 20:47:00 | 015,975,980 | ---- | M] () -- C:\Users\XXX\Documents\03 Jenny G.wav
[2011/07/14 20:46:59 | 014,916,140 | ---- | M] () -- C:\Users\XXX\Documents\01 Take Your Time Caroline.wav
[2011/07/14 08:55:52 | 003,038,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/13 17:15:14 | 000,002,012 | ---- | M] () -- C:\Users\XXX\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/13 13:24:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011/07/11 13:38:31 | 004,344,964 | ---- | M] () -- C:\Users\XXX\Desktop\working-abroad.pdf
[2011/07/11 13:32:49 | 000,004,078 | ---- | M] () -- C:\Users\XXX\Desktop\Books - Shortcut.lnk
[2011/07/10 16:08:15 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/10 16:08:15 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/10 16:08:15 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/08 16:31:01 | 001,327,301 | ---- | M] () -- C:\Users\XXX\Desktop\esl-productivity-secrets.pdf
[2011/07/08 16:17:44 | 006,828,643 | ---- | M] () -- C:\Users\XXX\Desktop\into to lang.pdf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/05 22:28:36 | 000,264,269 | ---- | M] () -- C:\Users\XXX\Desktop\XXX.pdf
[2011/07/05 22:08:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 04:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 04:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 04:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 04:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 04:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 04:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/03 15:42:23 | 000,031,144 | ---- | M] () -- C:\Users\XXX\Desktop\Brown Paper Tickets - The fair-trade ticketing company.pdf
[2011/06/28 13:38:51 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForXXX.job
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/17 03:29:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/07/14 20:47:01 | 013,879,340 | ---- | C] () -- C:\Users\XXX\Documents\06 No Other Guy.wav
[2011/07/14 20:47:01 | 013,547,564 | ---- | C] () -- C:\Users\XXX\Documents\05 Paradiso Twist.wav
[2011/07/14 20:47:00 | 015,975,980 | ---- | C] () -- C:\Users\XXX\Documents\03 Jenny G.wav
[2011/07/14 20:47:00 | 010,944,044 | ---- | C] () -- C:\Users\XXX\Documents\04 Don't Torture Me.wav
[2011/07/14 20:46:59 | 016,487,468 | ---- | C] () -- C:\Users\XXX\Documents\02 Now's The Time.wav
[2011/07/14 20:46:59 | 014,916,140 | ---- | C] () -- C:\Users\XXX\Documents\01 Take Your Time Caroline.wav
[2011/07/11 13:38:29 | 004,344,964 | ---- | C] () -- C:\Users\XXX\Desktop\working-abroad.pdf
[2011/07/11 13:32:49 | 000,004,078 | ---- | C] () -- C:\Users\XXX\Desktop\Books - Shortcut.lnk
[2011/07/08 16:31:01 | 001,327,301 | ---- | C] () -- C:\Users\XXX\Desktop\esl-productivity-secrets.pdf
[2011/07/08 16:17:40 | 006,828,643 | ---- | C] () -- C:\Users\XXX\Desktop\into to lang.pdf
[2011/07/05 22:28:35 | 000,264,269 | ---- | C] () -- C:\Users\XXX\Desktop\XXX.pdf
[2011/07/03 15:42:23 | 000,031,144 | ---- | C] () -- C:\Users\XXX\Desktop\Brown Paper Tickets - The fair-trade ticketing company.pdf
[2011/06/24 17:12:10 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/24 17:11:01 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/24 16:55:25 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011/06/24 16:55:20 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/06/17 07:45:56 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2010/12/23 22:11:37 | 000,001,854 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\GhostObjGAFix.xml
[2010/12/11 20:33:56 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/12/06 17:44:18 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/11/30 15:56:41 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/28 23:34:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/24 22:03:12 | 000,006,656 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 13:40:50 | 002,347,340 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpFROM MOM'S CAMERA 8-2010 193.JPG
[2010/08/25 15:57:16 | 000,552,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2609.0
[2010/08/25 15:57:16 | 000,425,833 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2609.JPG
[2010/08/25 15:55:47 | 000,585,872 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2608.0
[2010/08/25 15:55:47 | 000,477,029 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2608.JPG
[2010/08/25 15:55:16 | 000,604,540 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2607.0
[2010/08/25 15:55:16 | 000,485,343 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2607.JPG
[2010/08/25 15:54:13 | 000,604,532 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2606.0
[2010/08/25 15:54:13 | 000,480,148 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2606.JPG
[2010/08/25 15:52:51 | 000,568,880 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2605.0
[2010/08/25 15:52:51 | 000,457,293 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2605.JPG
[2010/08/25 15:52:09 | 000,681,992 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2604.0
[2010/08/25 15:52:09 | 000,507,189 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2604.JPG
[2010/08/25 15:50:03 | 000,895,180 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2602.0
[2010/08/25 15:50:03 | 000,671,106 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2602.JPG
[2010/08/25 15:49:40 | 000,853,644 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2601.0
[2010/08/25 15:49:40 | 000,641,213 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2601.JPG
[2010/08/25 15:47:05 | 000,489,252 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2593.0
[2010/08/25 15:47:05 | 000,385,084 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpHPIM2593.JPG
[2010/08/10 11:35:15 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/08 08:12:25 | 000,254,990 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300008.0
[2010/08/08 08:12:25 | 000,112,309 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300008.JPG
[2010/08/08 08:11:19 | 000,231,699 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300009.0
[2010/08/08 08:11:19 | 000,097,579 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmp24300009.JPG
[2010/07/29 12:44:31 | 000,007,030 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpCOUCH.JPG
[2010/07/29 12:44:31 | 000,004,662 | ---- | C] () -- C:\Users\XXX\AppData\Local\tmpCOUCH.0
[2010/07/26 10:13:40 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/23 12:35:52 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 12:35:52 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/16 10:08:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 12:14:52 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/06/03 12:14:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/06/03 12:14:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2007/11/14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2002/10/06 11:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002/10/04 16:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002/10/04 16:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C765C323

< End of report >


OTL Extras

OTL Extras logfile created on: 7/17/2011 10:41:23 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.92% Memory free
7.81 Gb Paging File | 6.15 Gb Available in Paging File | 78.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.04 Gb Total Space | 89.24 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
Drive D: | 15.86 Gb Total Space | 2.58 Gb Free Space | 16.25% Space Free | Partition Type: NTFS

Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{650AF771-456D-418F-BFC7-F6FFC9D0235C}" = HP Deskjet 3050 J610 series Basic Device Software
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
"{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}" = HP Deskjet 3050 J610 series Product Improvement Study
"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45E5D641-3C82-4F95-92FB-AE5459DF2988}" = HP User Guides 0146
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8026256E-BA16-4125-B350-EE6F31E7A638}" = TOEFL Sample Questions
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.3 build 1287
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franais, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B21BDC7C-49A1-4155-9425-2F9DED3CD5ED}" = Adobe Setup
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype 5.3
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1f3d5fcc5fe78dc374b6ccbd2d399ba" = Adobe Encore CS4 Library
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"avast" = avast! Free Antivirus
"AVS Audio Converter_is1" = AVS Audio Converter version 7
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"gAttach!_is1" = gAttach!
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Picasa 3" = Picasa 3
"REAPER" = REAPER
"SopCast" = SopCast 3.2.9
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Veoh Web Player Beta" = Veoh Web Player
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2011 8:46:37 PM | Computer Name = XXX-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 6/15/2011 8:46:37 PM | Computer Name = XXX-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 6/15/2011 8:46:37 PM | Computer Name = XXX-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 6/15/2011 8:46:37 PM | Computer Name = XXX-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 6/15/2011 8:46:37 PM | Computer Name = XXX-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 6/15/2011 9:21:06 PM | Computer Name = XXX-PC | Source = ESENT | ID = 215
Description = WinMail (2908) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 6/16/2011 5:35:41 PM | Computer Name = XXX-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0x80070020.
C:\Windows\system32\spp\tokens\channels\ocur\security-spp-component-sku-ocur-pl.xrm-ms

Error - 6/22/2011 5:37:29 PM | Computer Name = XXX-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16800 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 11f0 Start
Time: 01cc3115be94ad4c Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: c992a9af-9d17-11e0-9465-002622b5607b

Error - 6/24/2011 7:59:49 PM | Computer Name = XXX-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 6/24/2011 8:30:56 PM | Computer Name = XXX-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7600.16667 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1068 Start
Time: 01cc32ce01ee2028 Termination Time: 116 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: 51e63cd1-9ec2-11e0-b430-002622b5607b

[ Hewlett-Packard Events ]
Error - 11/16/2010 2:55:54 PM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 11/30/2010 2:29:11 PM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 12/24/2010 1:11:30 AM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121023091122.xml
File not created by asset agent

Error - 12/30/2010 9:08:04 PM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 1/14/2011 4:14:13 AM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011114121406.xml
File not created by asset agent

Error - 1/20/2011 9:05:10 PM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 3/4/2011 2:04:32 PM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031104100429.xml
File not created by asset agent

Error - 3/5/2011 1:07:35 AM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031104090728.xml
File not created by asset agent

Error - 3/31/2011 8:49:07 PM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031131054901.xml
File not created by asset agent

Error - 4/21/2011 9:29:59 PM | Computer Name = XXX-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041121062956.xml
File not created by asset agent

[ OSession Events ]
Error - 9/24/2010 11:42:39 PM | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1796
seconds with 120 seconds of active time. This session ended with a crash.

Error - 10/22/2010 1:23:22 PM | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8868
seconds with 7380 seconds of active time. This session ended with a crash.

Error - 10/27/2010 2:07:07 PM | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/17/2011 1:49:57 PM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the TrueVector
Internet Monitor service to connect.

Error - 7/17/2011 1:49:57 PM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 7/17/2011 10:00:38 PM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinDefend service.

Error - 7/18/2011 1:27:21 AM | Computer Name = XXX-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:26:24 PM on ?7/?17/?2011 was unexpected.

Error - 7/18/2011 1:27:59 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the TrueVector
Internet Monitor service to connect.

Error - 7/18/2011 1:27:59 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 7/18/2011 1:29:30 AM | Computer Name = XXX-PC | Source = DCOM | ID = 10005
Description =

Error - 7/18/2011 1:29:30 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Software Framework Service service to connect.

Error - 7/18/2011 1:29:30 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = The HP Software Framework Service service failed to start due to the
following error: %%1053

Error - 7/18/2011 1:36:32 AM | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >


COMBOFIX

ComboFix 11-07-17.03 - XXX 07/17/2011 23:06:11.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.560 [GMT -7:00]
Running from: c:\users\XXX\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Enabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\system32\no
c:\windows\system32\no\DPCrProv.dll.mui
c:\windows\system32\no\DPSDApi.dll.mui
c:\windows\system32\SV
c:\windows\system32\SV\DPCrProv.dll.mui
c:\windows\system32\SV\DPSDApi.dll.mui
c:\windows\SysWow64\no
c:\windows\SysWow64\no\DPCrProv.dll.mui
c:\windows\SysWow64\no\DPSDApi.dll.mui
c:\windows\SysWow64\SV
c:\windows\SysWow64\SV\DPCrProv.dll.mui
c:\windows\SysWow64\SV\DPSDApi.dll.mui
.
.
((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-18 06:01 . 2011-07-18 06:01 -------- d-----w- C:\32788R22FWJFW
2011-07-18 05:25 . 2011-07-18 05:25 -------- d-----w- C:\_OTL
2011-07-17 10:30 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-17 10:30 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-17 10:30 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-17 10:30 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-17 10:29 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-17 10:29 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-17 10:29 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-17 10:29 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-17 10:29 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-17 10:29 . 2011-07-17 10:29 -------- d-----w- c:\programdata\AVAST Software
2011-07-17 10:29 . 2011-07-17 10:29 -------- d-----w- c:\program files\AVAST Software
2011-07-16 01:59 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F18EC9F9-C6AB-4345-8344-1E3E2B0FF050}\mpengine.dll
2011-07-15 03:58 . 2010-11-30 00:21 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-07-15 03:58 . 2010-11-30 00:21 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
2011-07-14 00:09 . 2011-07-08 07:16 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-07-13 20:29 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-06-28 20:49 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-25 03:04 . 2011-06-25 03:29 -------- d-----w- C:\output media
2011-06-25 00:13 . 2011-06-25 00:13 -------- d-----w- c:\windows\en
2011-06-25 00:10 . 2011-06-25 00:10 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-06-25 00:04 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 00:04 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-24 23:59 . 2011-06-25 00:09 -------- d-----w- c:\program files (x86)\Windows Live
2011-06-24 23:57 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-06-24 23:57 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-06-24 23:57 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-06-24 23:57 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-24 23:56 . 2011-07-17 10:53 -------- d-----w- c:\program files (x86)\Free Convert MPEG WMV to MP4 FLV AVI Converter
2011-06-24 23:55 . 2008-07-04 06:34 860160 ----a-w- c:\windows\SysWow64\lameACM.acm
2011-06-24 23:55 . 2008-05-22 22:22 3596288 ----a-w- c:\windows\SysWow64\qt-dx331.dll
2011-06-24 23:55 . 2008-05-22 22:19 81920 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-06-24 23:55 . 2008-05-30 23:22 683520 ----a-w- c:\windows\SysWow64\divx.dll
2011-06-24 23:52 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-06-24 23:52 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-06-24 23:52 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-06-24 23:52 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-06-24 23:49 . 2011-06-24 23:49 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a05ebe51cc32c905\DSETUP.dll
2011-06-24 23:49 . 2011-06-24 23:49 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a05ebe51cc32c905\DXSETUP.exe
2011-06-24 23:49 . 2011-06-24 23:49 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a05ebe51cc32c905\dsetup32.dll
2011-06-24 23:49 . 2011-06-24 23:49 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6129929e1cc32c904\DSETUP.dll
2011-06-24 23:49 . 2011-06-24 23:49 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6129929e1cc32c904\DXSETUP.exe
2011-06-24 23:49 . 2011-06-24 23:49 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6129929e1cc32c904\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 02:52 . 2010-08-11 05:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2010-08-11 05:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 05:08 . 2011-05-18 12:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-25 00:09 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-17 14:45 . 2011-06-17 14:45 36734 ----a-w- c:\windows\SysWow64\OggDSuninst.exe
2011-06-08 20:14 . 2010-12-12 06:42 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 05:56 . 2011-07-13 20:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-17 00:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 00:12 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-25 02:14 . 2010-07-29 19:33 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-14 01:58 . 2011-05-14 01:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-05-14 01:58 . 2009-07-08 21:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-05-14 01:58 . 2011-05-14 01:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-05-14 01:58 . 2011-05-14 01:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-05-14 01:57 . 2011-05-14 01:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2011-05-04 02:51 . 2011-06-17 00:13 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-17 00:13 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-17 00:13 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-15 21:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-15 21:59 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-15 21:59 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-15 21:59 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-15 21:59 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-17 00:13 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-17 00:13 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-17 00:13 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 20:18 . 2011-05-25 14:51 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 20:18 . 2011-06-17 00:12 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 20:14 . 2011-06-17 00:12 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 19:31 . 2011-06-17 00:12 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 19:31 . 2011-06-17 00:12 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49 . 2011-06-17 00:12 482816 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:23 . 2011-06-17 00:12 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-28 06:02 . 2010-11-28 06:02 446464 ----a-w- c:\program files (x86)\TFC.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 cpuz134;cpuz134;c:\users\XXX\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-29 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 136176]
R3 iscFlash;iscFlash;c:\users\XXX\AppData\Local\Temp\iscflashx64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 721712]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 01:19]
.
2011-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 01:19]
.
2011-06-28 c:\windows\Tasks\HPCeeScheduleForXXX.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF31909.cfxxe" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 365592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://osn-lbpx2.ets.org/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\program files (x86)\Tencent\QQ\SendMMS.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to QQ Customized Panel - c:\program files (x86)\Tencent\QQ\AddPanel.htm
IE: Add to QQ Emoticons - c:\program files (x86)\Tencent\QQ\AddEmotion.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Send picture by MMS - c:\program files (x86)\Tencent\QQ\SendMMS.htm
IE: Send the Picture by QQ MMS - c:\program files (x86)\Tencent\QQ\SendMMS.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
AddRemove-magicJack - c:\users\XXX\AppData\Roaming\mjusbsp\magicJackLoader.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2011-07-17 23:37:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-18 06:37
.
Pre-Run: 97,250,983,936 bytes free
Post-Run: 96,499,339,264 bytes free
.
- - End Of File - - 004F0CA4B1CB07C4CA0683509BCEEE6A


TDSS Killer

2011/07/17 23:47:46.0797 5076 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 23:47:46.0823 5076 ================================================================================
2011/07/17 23:47:46.0824 5076 SystemInfo:
2011/07/17 23:47:46.0824 5076
2011/07/17 23:47:46.0824 5076 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/17 23:47:46.0824 5076 Product type: Workstation
2011/07/17 23:47:46.0824 5076 ComputerName: XXX-PC
2011/07/17 23:47:46.0824 5076 UserName: XXX
2011/07/17 23:47:46.0824 5076 Windows directory: C:\Windows
2011/07/17 23:47:46.0824 5076 System windows directory: C:\Windows
2011/07/17 23:47:46.0824 5076 Running under WOW64
2011/07/17 23:47:46.0824 5076 Processor architecture: Intel x64
2011/07/17 23:47:46.0824 5076 Number of processors: 2
2011/07/17 23:47:46.0824 5076 Page size: 0x1000
2011/07/17 23:47:46.0824 5076 Boot type: Normal boot
2011/07/17 23:47:46.0824 5076 ================================================================================
2011/07/17 23:47:49.0065 5076 Initialize success
2011/07/17 23:47:53.0509 4480 ================================================================================
2011/07/17 23:47:53.0509 4480 Scan started
2011/07/17 23:47:53.0509 4480 Mode: Manual;
2011/07/17 23:47:53.0509 4480 ================================================================================
2011/07/17 23:47:56.0101 4480 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/17 23:47:56.0353 4480 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/07/17 23:47:56.0589 4480 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/17 23:47:56.0869 4480 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/17 23:47:57.0175 4480 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/07/17 23:47:57.0493 4480 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/17 23:47:57.0979 4480 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/17 23:47:58.0381 4480 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/17 23:47:58.0773 4480 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/17 23:47:59.0203 4480 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/17 23:47:59.0628 4480 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/17 23:48:00.0099 4480 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/17 23:48:00.0437 4480 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/17 23:48:01.0010 4480 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/17 23:48:01.0579 4480 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/17 23:48:02.0423 4480 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/17 23:48:02.0931 4480 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/17 23:48:03.0482 4480 ApfiltrService (05f1a0a81a98cf27e3f028213fb6c36a) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/17 23:48:03.0859 4480 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/17 23:48:04.0137 4480 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/17 23:48:04.0366 4480 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/17 23:48:05.0232 4480 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys
2011/07/17 23:48:05.0905 4480 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys
2011/07/17 23:48:06.0674 4480 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys
2011/07/17 23:48:07.0217 4480 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys
2011/07/17 23:48:07.0709 4480 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys
2011/07/17 23:48:08.0017 4480 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys
2011/07/17 23:48:08.0326 4480 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/17 23:48:08.0616 4480 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/17 23:48:09.0076 4480 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/17 23:48:09.0584 4480 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/17 23:48:10.0262 4480 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/07/17 23:48:10.0900 4480 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/17 23:48:11.0273 4480 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/17 23:48:12.0176 4480 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/17 23:48:12.0733 4480 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/17 23:48:13.0010 4480 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/17 23:48:13.0388 4480 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/17 23:48:13.0801 4480 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/17 23:48:14.0580 4480 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/17 23:48:15.0290 4480 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/17 23:48:15.0579 4480 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/17 23:48:15.0877 4480 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
2011/07/17 23:48:16.0798 4480 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/17 23:48:17.0166 4480 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/17 23:48:18.0755 4480 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/17 23:48:19.0277 4480 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/17 23:48:19.0609 4480 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/17 23:48:19.0868 4480 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/17 23:48:20.0288 4480 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/17 23:48:20.0640 4480 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/17 23:48:21.0095 4480 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/17 23:48:21.0752 4480 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/17 23:48:22.0231 4480 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/07/17 23:48:23.0173 4480 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/17 23:48:23.0666 4480 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/17 23:48:24.0228 4480 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/17 23:48:24.0569 4480 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/17 23:48:25.0265 4480 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/17 23:48:25.0743 4480 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/17 23:48:26.0219 4480 enecir (a9ec08727c64d985678f5b64c03823f0) C:\Windows\system32\DRIVERS\enecir.sys
2011/07/17 23:48:26.0654 4480 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/17 23:48:26.0947 4480 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/17 23:48:27.0437 4480 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/17 23:48:27.0786 4480 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/17 23:48:28.0058 4480 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/17 23:48:28.0792 4480 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/17 23:48:29.0583 4480 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/17 23:48:30.0175 4480 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/17 23:48:30.0471 4480 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/17 23:48:30.0951 4480 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/17 23:48:31.0329 4480 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/17 23:48:31.0879 4480 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/17 23:48:32.0478 4480 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/17 23:48:33.0160 4480 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/17 23:48:33.0556 4480 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/17 23:48:34.0097 4480 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/17 23:48:35.0405 4480 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/17 23:48:36.0037 4480 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/17 23:48:36.0322 4480 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/17 23:48:36.0790 4480 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/07/17 23:48:37.0132 4480 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/17 23:48:37.0368 4480 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/17 23:48:38.0022 4480 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/17 23:48:38.0528 4480 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/17 23:48:38.0838 4480 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/17 23:48:39.0307 4480 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/07/17 23:48:40.0544 4480 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/07/17 23:48:41.0151 4480 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/17 23:48:41.0567 4480 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
2011/07/17 23:48:41.0829 4480 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/17 23:48:42.0144 4480 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/17 23:48:42.0642 4480 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/17 23:48:43.0182 4480 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/17 23:48:43.0704 4480 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/17 23:48:44.0252 4480 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/17 23:48:44.0634 4480 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/17 23:48:45.0651 4480 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/17 23:48:46.0216 4480 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/17 23:48:46.0668 4480 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/17 23:48:46.0961 4480 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/17 23:48:47.0380 4480 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/17 23:48:47.0987 4480 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/17 23:48:48.0389 4480 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/17 23:48:48.0768 4480 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/17 23:48:49.0491 4480 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/17 23:48:50.0334 4480 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/17 23:48:50.0652 4480 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/17 23:48:51.0874 4480 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/17 23:48:52.0499 4480 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/17 23:48:53.0046 4480 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/17 23:48:53.0604 4480 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/17 23:48:53.0949 4480 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/17 23:48:54.0404 4480 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/17 23:48:54.0717 4480 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/17 23:48:55.0172 4480 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/17 23:48:55.0543 4480 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/17 23:48:55.0797 4480 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/17 23:48:56.0132 4480 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/17 23:48:56.0830 4480 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/17 23:48:57.0355 4480 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/17 23:48:57.0654 4480 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/17 23:48:57.0975 4480 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/17 23:48:58.0310 4480 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/17 23:48:58.0615 4480 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/17 23:48:58.0822 4480 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/17 23:48:59.0191 4480 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/17 23:48:59.0785 4480 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/17 23:49:00.0019 4480 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/17 23:49:00.0315 4480 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/17 23:49:00.0706 4480 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/17 23:49:01.0315 4480 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/17 23:49:01.0642 4480 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/17 23:49:01.0872 4480 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/17 23:49:02.0346 4480 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/17 23:49:02.0763 4480 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/17 23:49:03.0425 4480 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/17 23:49:03.0736 4480 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/17 23:49:04.0151 4480 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/17 23:49:04.0642 4480 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/17 23:49:04.0996 4480 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/17 23:49:05.0277 4480 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/17 23:49:05.0589 4480 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/17 23:49:05.0943 4480 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/17 23:49:06.0665 4480 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/07/17 23:49:07.0465 4480 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/17 23:49:07.0861 4480 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/17 23:49:08.0162 4480 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/17 23:49:08.0556 4480 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/07/17 23:49:08.0841 4480 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/17 23:49:09.0209 4480 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/07/17 23:49:09.0530 4480 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/07/17 23:49:09.0788 4480 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/17 23:49:10.0000 4480 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/17 23:49:10.0411 4480 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/17 23:49:10.0669 4480 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/17 23:49:10.0964 4480 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/17 23:49:11.0321 4480 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/17 23:49:11.0596 4480 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/17 23:49:11.0836 4480 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/17 23:49:12.0170 4480 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/17 23:49:13.0126 4480 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/17 23:49:13.0457 4480 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/17 23:49:13.0762 4480 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/17 23:49:14.0045 4480 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/17 23:49:14.0753 4480 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/17 23:49:15.0130 4480 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/17 23:49:15.0434 4480 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/17 23:49:15.0666 4480 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/17 23:49:16.0125 4480 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/17 23:49:16.0383 4480 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/17 23:49:16.0698 4480 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/17 23:49:16.0940 4480 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/17 23:49:17.0303 4480 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/17 23:49:17.0515 4480 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/17 23:49:17.0793 4480 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/17 23:49:18.0154 4480 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/17 23:49:18.0885 4480 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/17 23:49:19.0123 4480 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/17 23:49:19.0448 4480 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/17 23:49:19.0792 4480 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/17 23:49:20.0077 4480 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/17 23:49:20.0391 4480 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/17 23:49:20.0657 4480 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/17 23:49:20.0885 4480 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/17 23:49:21.0175 4480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/17 23:49:21.0377 4480 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/17 23:49:21.0602 4480 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/17 23:49:21.0831 4480 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/17 23:49:22.0215 4480 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/17 23:49:22.0420 4480 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/17 23:49:22.0665 4480 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/17 23:49:22.0934 4480 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/17 23:49:23.0248 4480 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/17 23:49:23.0711 4480 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/17 23:49:24.0077 4480 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/17 23:49:24.0392 4480 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/17 23:49:24.0877 4480 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
2011/07/17 23:49:24.0877 4480 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
2011/07/17 23:49:24.0925 4480 sptd - detected LockedFile.Multi.Generic (1)
2011/07/17 23:49:25.0142 4480 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/17 23:49:25.0513 4480 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/17 23:49:25.0837 4480 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/07/17 23:49:26.0115 4480 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/07/17 23:49:26.0382 4480 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/07/17 23:49:26.0698 4480 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/17 23:49:27.0042 4480 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/17 23:49:27.0295 4480 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/07/17 23:49:27.0620 4480 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/07/17 23:49:27.0878 4480 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/17 23:49:28.0438 4480 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/17 23:49:29.0039 4480 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/17 23:49:29.0250 4480 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/17 23:49:29.0540 4480 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/17 23:49:29.0730 4480 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/17 23:49:29.0927 4480 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/17 23:49:30.0148 4480 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/17 23:49:30.0444 4480 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/17 23:49:30.0654 4480 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/17 23:49:31.0221 4480 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/17 23:49:31.0528 4480 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/17 23:49:31.0748 4480 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/17 23:49:31.0996 4480 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/17 23:49:32.0196 4480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/17 23:49:32.0471 4480 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/07/17 23:49:32.0754 4480 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/17 23:49:32.0936 4480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/17 23:49:33.0203 4480 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/17 23:49:33.0590 4480 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/17 23:49:33.0993 4480 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/07/17 23:49:34.0395 4480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/17 23:49:34.0681 4480 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/17 23:49:34.0860 4480 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/17 23:49:35.0326 4480 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/17 23:49:35.0549 4480 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/17 23:49:35.0841 4480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/17 23:49:36.0085 4480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/17 23:49:36.0367 4480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/17 23:49:36.0561 4480 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/17 23:49:36.0946 4480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/17 23:49:37.0230 4480 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/17 23:49:38.0287 4480 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/17 23:49:38.0615 4480 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/17 23:49:38.0856 4480 Vsdatant (be2a2ddd8124c6da65962b9f2cf94183) C:\Windows\system32\DRIVERS\vsdatant.sys
2011/07/17 23:49:39.0104 4480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/17 23:49:39.0377 4480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/17 23:49:39.0583 4480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/17 23:49:39.0844 4480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/17 23:49:40.0118 4480 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/17 23:49:40.0148 4480 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/17 23:49:40.0578 4480 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/17 23:49:40.0845 4480 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/17 23:49:41.0078 4480 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/17 23:49:41.0257 4480 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/17 23:49:41.0592 4480 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/07/17 23:49:41.0814 4480 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/17 23:49:42.0081 4480 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/17 23:49:42.0279 4480 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/17 23:49:42.0613 4480 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/17 23:49:42.0954 4480 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/17 23:49:43.0380 4480 MBR (0x1B8) (581876339257fbd683704568fbeccd2c) \Device\Harddisk0\DR0
2011/07/17 23:49:43.0460 4480 Boot (0x1200) (cf14fb5ff8c5f0e9df93175a65f53a70) \Device\Harddisk0\DR0\Partition0
2011/07/17 23:49:43.0510 4480 Boot (0x1200) (b6862055e152ae18b60e4f52eb209bb3) \Device\Harddisk0\DR0\Partition1
2011/07/17 23:49:43.0556 4480 Boot (0x1200) (a3b77d9e9c1f01ee7f4f1121fa6bd2bb) \Device\Harddisk0\DR0\Partition2
2011/07/17 23:49:43.0562 4480 ================================================================================
2011/07/17 23:49:43.0562 4480 Scan finished
2011/07/17 23:49:43.0562 4480 ================================================================================
2011/07/17 23:49:43.0575 0628 Detected object count: 1
2011/07/17 23:49:43.0575 0628 Actual detected object count: 1
2011/07/17 23:49:52.0275 0628 LockedFile.Multi.Generic(sptd) - User select action: Skip


aswMBR **Fix button was enabled**

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-18 00:07:04
-----------------------------
00:07:04.000 OS Version: Windows x64 6.1.7600
00:07:04.000 Number of processors: 2 586 0x170A
00:07:04.000 ComputerName: XXX-PC UserName: XXX
00:07:06.606 Initialize success
00:07:06.902 AVAST engine defs: 11071702
00:07:09.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:07:10.006 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020C Size: 305245MB BusType: 11
00:07:10.100 Disk 0 MBR read successfully
00:07:10.116 Disk 0 MBR scan
00:07:10.116 Disk 0 unknown MBR code
00:07:10.116 Service scanning
00:07:15.482 Disk 0 trace - called modules:
00:07:15.498 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys >>UNKNOWN [0xfffffa8003cb32c0]<<
00:07:15.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ce6790]
00:07:15.498 3 CLASSPNP.SYS[fffff8800123d43f] -> nt!IofCallDriver -> [0xfffffa8004ce6040]
00:07:15.513 5 hpdskflt.sys[fffff88001e14189] -> nt!IofCallDriver -> [0xfffffa8004b541e0]
00:07:15.513 7 ACPI.sys[fffff88000f5e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b73060]
00:07:15.513 \Driver\atapi[0xfffffa8004730e70] -> IRP_MJ_CREATE -> 0xfffffa8003cb32c0
00:07:17.775 AVAST engine scan C:\Windows
00:07:23.173 AVAST engine scan C:\Windows\system32
00:11:29.482 AVAST engine scan C:\Windows\system32\drivers
00:12:29.277 AVAST engine scan C:\Users\XXX
00:13:59.991 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
00:14:00.006 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"
  • 0

#8
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
I forgot to mention that my computer blue-screened and had to be rebooted in the middle of the aswMBR scan. Reboot was okay and I started the scan over.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\System32\Drivers\sptd.sys

Driver::
sptd


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Run TDSSKiller again and post its log.

Run aswMBR again and if the Fix button is still enabled, press it and post the new log.

Uninstall Zone Alarm. It's hanging at boot which can cause your internet to go away. If you feel you need a firewall then get the free Online Armor. http://www.online-ar...-armor-free.php Much more reliable than ZA.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Uninstall Java 6 Update 22. It's obsolete and you have 6 update 26 already.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#10
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Hi there! Here we go. It's logmania.

COMBOFIX

ComboFix 11-07-18.04 - XXX 07/18/2011 13:54:53.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1005 [GMT -7:00]
Running from: c:\users\XXX\Desktop\ComboFix.exe
Command switches used :: c:\users\XXX\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Enabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\sptd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-18 21:22 . 2011-07-18 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-18 05:25 . 2011-07-18 05:25 -------- d-----w- C:\_OTL
2011-07-17 10:30 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-17 10:30 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-17 10:30 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-17 10:30 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-17 10:29 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-17 10:29 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-17 10:29 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-17 10:29 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-17 10:29 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-17 10:29 . 2011-07-17 10:29 -------- d-----w- c:\programdata\AVAST Software
2011-07-17 10:29 . 2011-07-17 10:29 -------- d-----w- c:\program files\AVAST Software
2011-07-16 01:59 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F18EC9F9-C6AB-4345-8344-1E3E2B0FF050}\mpengine.dll
2011-07-15 03:58 . 2010-11-30 00:21 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-07-15 03:58 . 2010-11-30 00:21 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
2011-07-14 00:09 . 2011-07-08 07:16 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-07-13 20:29 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-06-28 20:49 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-25 03:04 . 2011-06-25 03:29 -------- d-----w- C:\output media
2011-06-25 00:13 . 2011-06-25 00:13 -------- d-----w- c:\windows\en
2011-06-25 00:10 . 2011-06-25 00:10 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-06-25 00:04 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 00:04 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-24 23:59 . 2011-06-25 00:09 -------- d-----w- c:\program files (x86)\Windows Live
2011-06-24 23:57 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-06-24 23:57 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-06-24 23:57 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-06-24 23:57 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-24 23:56 . 2011-07-17 10:53 -------- d-----w- c:\program files (x86)\Free Convert MPEG WMV to MP4 FLV AVI Converter
2011-06-24 23:55 . 2008-07-04 06:34 860160 ----a-w- c:\windows\SysWow64\lameACM.acm
2011-06-24 23:55 . 2008-05-22 22:22 3596288 ----a-w- c:\windows\SysWow64\qt-dx331.dll
2011-06-24 23:55 . 2008-05-22 22:19 81920 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-06-24 23:55 . 2008-05-30 23:22 683520 ----a-w- c:\windows\SysWow64\divx.dll
2011-06-24 23:52 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-06-24 23:52 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-06-24 23:52 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-06-24 23:52 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-06-24 23:49 . 2011-06-24 23:49 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a05ebe51cc32c905\DSETUP.dll
2011-06-24 23:49 . 2011-06-24 23:49 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a05ebe51cc32c905\DXSETUP.exe
2011-06-24 23:49 . 2011-06-24 23:49 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6a05ebe51cc32c905\dsetup32.dll
2011-06-24 23:49 . 2011-06-24 23:49 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6129929e1cc32c904\DSETUP.dll
2011-06-24 23:49 . 2011-06-24 23:49 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6129929e1cc32c904\DXSETUP.exe
2011-06-24 23:49 . 2011-06-24 23:49 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6129929e1cc32c904\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 02:52 . 2010-08-11 05:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2010-08-11 05:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 05:08 . 2011-05-18 12:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-25 00:09 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-17 14:45 . 2011-06-17 14:45 36734 ----a-w- c:\windows\SysWow64\OggDSuninst.exe
2011-06-08 20:14 . 2010-12-12 06:42 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 05:56 . 2011-07-13 20:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-17 00:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 00:12 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-25 02:14 . 2010-07-29 19:33 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-14 01:58 . 2011-05-14 01:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-05-14 01:58 . 2009-07-08 21:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-05-14 01:58 . 2011-05-14 01:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-05-14 01:58 . 2011-05-14 01:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-05-14 01:57 . 2011-05-14 01:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2011-05-04 02:51 . 2011-06-17 00:13 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-17 00:13 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-17 00:13 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-15 21:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-15 21:59 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-15 21:59 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-15 21:59 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-15 21:59 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-17 00:13 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-17 00:13 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-17 00:13 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 20:18 . 2011-05-25 14:51 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 20:18 . 2011-06-17 00:12 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 20:14 . 2011-06-17 00:12 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 19:31 . 2011-06-17 00:12 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 19:31 . 2011-06-17 00:12 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49 . 2011-06-17 00:12 482816 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:23 . 2011-06-17 00:12 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-28 06:02 . 2010-11-28 06:02 446464 ----a-w- c:\program files (x86)\TFC.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_06.23.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-07-16 21:19 . 2011-07-18 06:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-16 21:19 . 2011-07-18 21:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-16 21:19 . 2011-07-18 06:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-16 21:19 . 2011-07-18 21:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-17 17:49 . 2011-07-18 06:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-18 21:25 . 2011-07-18 21:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-17 17:49 . 2011-07-18 06:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-18 21:25 . 2011-07-18 21:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-07-17 17:48 475352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-18 21:24 475352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-18 19:04 . 2011-07-18 21:24 1354852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-965545590-1978782907-1710215557-1000-8192.dat
- 2010-07-18 19:04 . 2011-07-17 17:48 1354852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-965545590-1978782907-1710215557-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 cpuz134;cpuz134;c:\users\XXX\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-29 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 136176]
R3 iscFlash;iscFlash;c:\users\XXX\AppData\Local\Temp\iscflashx64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 721712]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 01:19]
.
2011-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 01:19]
.
2011-06-28 c:\windows\Tasks\HPCeeScheduleForXXX.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF9784.cfxxe" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 365592]
.
------- Supplementary Scan -------
.
uStart Page = https://osn-lbpx2.ets.org/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\program files (x86)\Tencent\QQ\SendMMS.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to QQ Customized Panel - c:\program files (x86)\Tencent\QQ\AddPanel.htm
IE: Add to QQ Emoticons - c:\program files (x86)\Tencent\QQ\AddEmotion.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Send picture by MMS - c:\program files (x86)\Tencent\QQ\SendMMS.htm
IE: Send the Picture by QQ MMS - c:\program files (x86)\Tencent\QQ\SendMMS.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\qvltjbgi.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-07-18 14:42:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-18 21:42
ComboFix2.txt 2011-07-18 06:37
.
Pre-Run: 95,265,775,616 bytes free
Post-Run: 95,736,401,920 bytes free
.
- - End Of File - - A1349E90E5896CABA75202A25328E021





TDSSkiller

2011/07/18 14:44:01.0901 3084 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/18 14:44:03.0914 3084 ================================================================================
2011/07/18 14:44:03.0914 3084 SystemInfo:
2011/07/18 14:44:03.0914 3084
2011/07/18 14:44:03.0914 3084 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/18 14:44:03.0914 3084 Product type: Workstation
2011/07/18 14:44:03.0914 3084 ComputerName: XXX-PC
2011/07/18 14:44:03.0914 3084 UserName: XXX
2011/07/18 14:44:03.0914 3084 Windows directory: C:\Windows
2011/07/18 14:44:03.0914 3084 System windows directory: C:\Windows
2011/07/18 14:44:03.0914 3084 Running under WOW64
2011/07/18 14:44:03.0914 3084 Processor architecture: Intel x64
2011/07/18 14:44:03.0914 3084 Number of processors: 2
2011/07/18 14:44:03.0914 3084 Page size: 0x1000
2011/07/18 14:44:03.0914 3084 Boot type: Normal boot
2011/07/18 14:44:03.0914 3084 ================================================================================
2011/07/18 14:44:05.0957 3084 Initialize success
2011/07/18 14:44:07.0938 4088 ================================================================================
2011/07/18 14:44:07.0938 4088 Scan started
2011/07/18 14:44:07.0938 4088 Mode: Manual;
2011/07/18 14:44:07.0938 4088 ================================================================================
2011/07/18 14:44:09.0717 4088 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/18 14:44:10.0060 4088 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/07/18 14:44:10.0325 4088 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/18 14:44:10.0637 4088 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/18 14:44:11.0012 4088 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/07/18 14:44:11.0558 4088 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/18 14:44:12.0041 4088 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/18 14:44:12.0681 4088 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/18 14:44:13.0008 4088 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/18 14:44:13.0430 4088 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/18 14:44:13.0820 4088 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/18 14:44:14.0194 4088 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/18 14:44:14.0459 4088 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/18 14:44:14.0802 4088 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/18 14:44:15.0099 4088 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/18 14:44:15.0395 4088 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/18 14:44:15.0707 4088 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/18 14:44:16.0191 4088 ApfiltrService (05f1a0a81a98cf27e3f028213fb6c36a) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/18 14:44:16.0534 4088 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/18 14:44:16.0924 4088 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/18 14:44:17.0096 4088 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/18 14:44:17.0673 4088 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys
2011/07/18 14:44:17.0922 4088 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys
2011/07/18 14:44:18.0188 4088 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys
2011/07/18 14:44:18.0624 4088 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys
2011/07/18 14:44:18.0905 4088 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys
2011/07/18 14:44:19.0280 4088 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys
2011/07/18 14:44:19.0560 4088 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/18 14:44:19.0888 4088 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/18 14:44:20.0184 4088 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/18 14:44:20.0528 4088 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/18 14:44:21.0042 4088 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/07/18 14:44:21.0464 4088 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/18 14:44:22.0010 4088 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/18 14:44:22.0306 4088 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/18 14:44:22.0743 4088 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/18 14:44:22.0930 4088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/18 14:44:23.0195 4088 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/18 14:44:23.0429 4088 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/18 14:44:23.0757 4088 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/18 14:44:24.0069 4088 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/18 14:44:24.0443 4088 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/18 14:44:24.0802 4088 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
2011/07/18 14:44:25.0551 4088 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/18 14:44:25.0925 4088 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/18 14:44:26.0237 4088 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/18 14:44:26.0471 4088 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/18 14:44:26.0908 4088 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/18 14:44:27.0220 4088 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/18 14:44:27.0548 4088 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/18 14:44:27.0969 4088 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/18 14:44:28.0374 4088 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/18 14:44:28.0874 4088 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/18 14:44:29.0201 4088 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/07/18 14:44:29.0435 4088 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/18 14:44:29.0685 4088 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/18 14:44:30.0044 4088 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/18 14:44:30.0465 4088 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/18 14:44:30.0964 4088 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/18 14:44:31.0338 4088 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/18 14:44:31.0760 4088 enecir (a9ec08727c64d985678f5b64c03823f0) C:\Windows\system32\DRIVERS\enecir.sys
2011/07/18 14:44:31.0994 4088 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/18 14:44:32.0259 4088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/18 14:44:32.0571 4088 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/18 14:44:32.0945 4088 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/18 14:44:33.0210 4088 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/18 14:44:33.0522 4088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/18 14:44:33.0897 4088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/18 14:44:34.0271 4088 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/18 14:44:34.0583 4088 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/18 14:44:34.0880 4088 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/18 14:44:35.0160 4088 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/18 14:44:35.0504 4088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/18 14:44:35.0862 4088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/18 14:44:36.0143 4088 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/18 14:44:36.0408 4088 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/18 14:44:36.0642 4088 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/18 14:44:36.0986 4088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/18 14:44:37.0220 4088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/18 14:44:37.0594 4088 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/18 14:44:37.0890 4088 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/07/18 14:44:38.0202 4088 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/18 14:44:38.0514 4088 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/18 14:44:38.0826 4088 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/18 14:44:39.0170 4088 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/18 14:44:39.0513 4088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/18 14:44:39.0887 4088 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/07/18 14:44:40.0964 4088 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/07/18 14:44:41.0494 4088 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/18 14:44:41.0790 4088 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
2011/07/18 14:44:42.0118 4088 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/18 14:44:42.0430 4088 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/18 14:44:42.0680 4088 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/18 14:44:42.0726 4088 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/18 14:44:43.0070 4088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/18 14:44:43.0428 4088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/18 14:44:43.0662 4088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/18 14:44:44.0349 4088 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/18 14:44:44.0598 4088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/18 14:44:44.0957 4088 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/18 14:44:45.0254 4088 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/18 14:44:45.0456 4088 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/18 14:44:45.0706 4088 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/18 14:44:46.0190 4088 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/18 14:44:46.0424 4088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/18 14:44:46.0751 4088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/18 14:44:46.0970 4088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/18 14:44:47.0360 4088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/18 14:44:47.0672 4088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/18 14:44:48.0062 4088 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/18 14:44:48.0374 4088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/18 14:44:48.0701 4088 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/18 14:44:48.0982 4088 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/18 14:44:49.0341 4088 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/18 14:44:49.0715 4088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/18 14:44:50.0027 4088 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/18 14:44:50.0214 4088 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/18 14:44:50.0589 4088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/18 14:44:50.0994 4088 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/18 14:44:51.0322 4088 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/18 14:44:51.0759 4088 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/18 14:44:52.0040 4088 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/18 14:44:52.0305 4088 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/18 14:44:52.0695 4088 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/18 14:44:52.0851 4088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/18 14:44:53.0178 4088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/18 14:44:53.0475 4088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/18 14:44:53.0880 4088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/18 14:44:54.0177 4088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/18 14:44:54.0520 4088 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/18 14:44:54.0863 4088 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/18 14:44:55.0066 4088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/18 14:44:55.0378 4088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/18 14:44:56.0111 4088 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/18 14:44:56.0595 4088 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/18 14:44:57.0016 4088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/18 14:44:57.0406 4088 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/18 14:44:57.0749 4088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/18 14:44:58.0061 4088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/18 14:44:58.0389 4088 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/18 14:44:58.0701 4088 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/18 14:44:58.0950 4088 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/18 14:44:59.0278 4088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/18 14:44:59.0606 4088 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/18 14:45:00.0464 4088 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/07/18 14:45:00.0869 4088 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/18 14:45:01.0212 4088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/18 14:45:01.0587 4088 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/18 14:45:01.0961 4088 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/07/18 14:45:02.0320 4088 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/18 14:45:02.0726 4088 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/07/18 14:45:02.0960 4088 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/07/18 14:45:03.0209 4088 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/18 14:45:03.0506 4088 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/18 14:45:03.0942 4088 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/18 14:45:04.0192 4088 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/18 14:45:04.0457 4088 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/18 14:45:04.0738 4088 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/18 14:45:05.0565 4088 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/18 14:45:05.0861 4088 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/18 14:45:06.0298 4088 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/18 14:45:06.0813 4088 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/18 14:45:07.0016 4088 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/18 14:45:07.0328 4088 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/18 14:45:07.0640 4088 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/18 14:45:07.0983 4088 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/18 14:45:08.0357 4088 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/18 14:45:08.0654 4088 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/18 14:45:08.0903 4088 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/18 14:45:09.0340 4088 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/18 14:45:09.0652 4088 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/18 14:45:09.0886 4088 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/18 14:45:10.0182 4088 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/18 14:45:10.0494 4088 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/18 14:45:11.0243 4088 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/18 14:45:11.0524 4088 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/18 14:45:11.0805 4088 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/18 14:45:12.0195 4088 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/18 14:45:12.0413 4088 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/18 14:45:12.0678 4088 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/18 14:45:13.0115 4088 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/18 14:45:13.0380 4088 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/18 14:45:13.0708 4088 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/18 14:45:14.0004 4088 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/18 14:45:14.0332 4088 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/18 14:45:14.0613 4088 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/18 14:45:15.0018 4088 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/18 14:45:15.0424 4088 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/18 14:45:15.0611 4088 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/18 14:45:15.0954 4088 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/18 14:45:16.0438 4088 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/18 14:45:16.0719 4088 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/18 14:45:17.0093 4088 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/18 14:45:17.0374 4088 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/18 14:45:17.0624 4088 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/18 14:45:17.0873 4088 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/18 14:45:18.0216 4088 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/18 14:45:18.0591 4088 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/18 14:45:18.0996 4088 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/18 14:45:19.0308 4088 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/07/18 14:45:19.0745 4088 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/07/18 14:45:20.0166 4088 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/07/18 14:45:20.0556 4088 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/18 14:45:20.0915 4088 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/18 14:45:21.0352 4088 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/07/18 14:45:21.0773 4088 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/07/18 14:45:22.0070 4088 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/18 14:45:22.0647 4088 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/18 14:45:23.0240 4088 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/18 14:45:23.0536 4088 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/18 14:45:23.0848 4088 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/18 14:45:24.0066 4088 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/18 14:45:24.0363 4088 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/18 14:45:24.0675 4088 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/18 14:45:25.0002 4088 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/18 14:45:25.0236 4088 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/18 14:45:25.0548 4088 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/18 14:45:25.0938 4088 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/18 14:45:26.0297 4088 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/18 14:45:26.0594 4088 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/18 14:45:26.0890 4088 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/18 14:45:27.0186 4088 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/07/18 14:45:27.0592 4088 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/18 14:45:27.0873 4088 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/18 14:45:28.0263 4088 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/18 14:45:28.0497 4088 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/18 14:45:28.0700 4088 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/07/18 14:45:29.0214 4088 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/18 14:45:29.0480 4088 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/18 14:45:29.0698 4088 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/18 14:45:29.0963 4088 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/18 14:45:30.0182 4088 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/18 14:45:30.0494 4088 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/18 14:45:30.0852 4088 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/18 14:45:31.0180 4088 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/18 14:45:31.0492 4088 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/18 14:45:31.0773 4088 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/18 14:45:32.0007 4088 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/18 14:45:32.0256 4088 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/18 14:45:32.0600 4088 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/18 14:45:33.0005 4088 Vsdatant (be2a2ddd8124c6da65962b9f2cf94183) C:\Windows\system32\DRIVERS\vsdatant.sys
2011/07/18 14:45:33.0567 4088 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/18 14:45:33.0832 4088 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/18 14:45:34.0160 4088 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/18 14:45:34.0409 4088 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/18 14:45:34.0721 4088 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/18 14:45:34.0784 4088 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/18 14:45:35.0189 4088 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/18 14:45:35.0579 4088 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/18 14:45:35.0985 4088 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/18 14:45:36.0328 4088 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/18 14:45:36.0718 4088 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/07/18 14:45:36.0999 4088 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/18 14:45:37.0373 4088 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/18 14:45:37.0685 4088 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/18 14:45:38.0153 4088 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/18 14:45:38.0528 4088 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/18 14:45:38.0606 4088 MBR (0x1B8) (581876339257fbd683704568fbeccd2c) \Device\Harddisk0\DR0
2011/07/18 14:45:38.0652 4088 Boot (0x1200) (cf14fb5ff8c5f0e9df93175a65f53a70) \Device\Harddisk0\DR0\Partition0
2011/07/18 14:45:38.0684 4088 Boot (0x1200) (b6862055e152ae18b60e4f52eb209bb3) \Device\Harddisk0\DR0\Partition1
2011/07/18 14:45:38.0715 4088 Boot (0x1200) (a3b77d9e9c1f01ee7f4f1121fa6bd2bb) \Device\Harddisk0\DR0\Partition2
2011/07/18 14:45:38.0730 4088 ================================================================================
2011/07/18 14:45:38.0730 4088 Scan finished
2011/07/18 14:45:38.0730 4088 ================================================================================
2011/07/18 14:45:38.0746 3904 Detected object count: 0
2011/07/18 14:45:38.0746 3904 Actual detected object count: 0




aswMBR -- Fix button was enabled. Pressed it.

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-18 00:07:04
-----------------------------
00:07:04.000 OS Version: Windows x64 6.1.7600
00:07:04.000 Number of processors: 2 586 0x170A
00:07:04.000 ComputerName: XXX-PC UserName: XXX
00:07:06.606 Initialize success
00:07:06.902 AVAST engine defs: 11071702
00:07:09.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:07:10.006 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020C Size: 305245MB BusType: 11
00:07:10.100 Disk 0 MBR read successfully
00:07:10.116 Disk 0 MBR scan
00:07:10.116 Disk 0 unknown MBR code
00:07:10.116 Service scanning
00:07:15.482 Disk 0 trace - called modules:
00:07:15.498 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys >>UNKNOWN [0xfffffa8003cb32c0]<<
00:07:15.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ce6790]
00:07:15.498 3 CLASSPNP.SYS[fffff8800123d43f] -> nt!IofCallDriver -> [0xfffffa8004ce6040]
00:07:15.513 5 hpdskflt.sys[fffff88001e14189] -> nt!IofCallDriver -> [0xfffffa8004b541e0]
00:07:15.513 7 ACPI.sys[fffff88000f5e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b73060]
00:07:15.513 \Driver\atapi[0xfffffa8004730e70] -> IRP_MJ_CREATE -> 0xfffffa8003cb32c0
00:07:17.775 AVAST engine scan C:\Windows
00:07:23.173 AVAST engine scan C:\Windows\system32
00:11:29.482 AVAST engine scan C:\Windows\system32\drivers
00:12:29.277 AVAST engine scan C:\Users\XXX
00:13:59.991 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
00:14:00.006 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"


aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-18 14:47:24
-----------------------------
14:47:24.704 OS Version: Windows x64 6.1.7600
14:47:24.704 Number of processors: 2 586 0x170A
14:47:24.704 ComputerName: XXX-PC UserName: XXX
14:47:27.419 Initialize success
14:47:27.606 AVAST engine defs: 11071800
14:47:29.696 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:47:29.712 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020C Size: 305245MB BusType: 11
14:47:29.868 Disk 0 MBR read successfully
14:47:29.883 Disk 0 MBR scan
14:47:29.883 Disk 0 unknown MBR code
14:47:29.883 Service scanning
14:47:35.983 Disk 0 trace - called modules:
14:47:36.014 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:47:36.014 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c95060]
14:47:36.014 3 CLASSPNP.SYS[fffff880010b043f] -> nt!IofCallDriver -> [0xfffffa8004c94740]
14:47:36.014 5 hpdskflt.sys[fffff880021e4189] -> nt!IofCallDriver -> [0xfffffa8004af71e0]
14:47:36.030 7 ACPI.sys[fffff88000f83781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b1f060]
14:47:37.293 AVAST engine scan C:\Windows
14:47:51.193 AVAST engine scan C:\Windows\system32
14:50:30.329 AVAST engine scan C:\Windows\system32\drivers
14:50:56.849 AVAST engine scan C:\Users\XXX
15:05:48.671 AVAST engine scan C:\ProgramData
15:08:50.724 Scan finished successfully
15:13:41.860 Verifying
15:13:51.906 Disk 0 Windows 601 MBR fixed successfully
15:15:38.392 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
15:15:38.642 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"





Ran sigverif, but there were no results? It basically said "done" and that was it.




VEW System

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/07/2011 10:20:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/07/2011 4:46:44 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/07/2011 1:22:45 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WinUSB failed to load for the device USB\VID_138A&PID_0001\5&364726f0&0&2.

Log: 'System' Date/Time: 18/07/2011 10:32:22 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/07/2011 10:32:22 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll


VEW Application

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/07/2011 10:20:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/07/2011 4:53:30 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 19/07/2011 4:52:29 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 19/07/2011 2:22:00 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 19/07/2011 2:21:52 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/07/2011 4:46:49 AM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the DisplayLock method on event class {D5978630-5B9F-11D1-8DD2-00AA004ABD5E} for publisher and subscriber . The subscriber failed to respond within 180 seconds. The display name of the subscription is "Explorer". The HRESULT was 800705b4.
  • 0

Advertisements


#11
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
P.S. I am uninstalling Zone Alarm and replacing it per your suggestion. You might have noticed I already switched from Avira to Avast. Thanks.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Your logs look pretty good now. Are there any problems left?

Ron
  • 0

#13
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
Things seem to be running just fine. Actually, faster than before (and I didn't really find it slow before).

If you don't mind, could you tell me what was wrong? Everything I read about the initial trojan was pretty scary. It is advised in some places to change all passwords and even to re-install the operating system.

Thanks!
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Changing passwords on any online accounts you may have used while infected is certainly a good idea. Pay special attention to your bank and credit card statements to make sure there is nothing unusual in them. It's hard to say exactly what a piece of malware does and in your case it was mostly gone by the time we started working on it. A backdoor allows an intruder to enter your system remotely and once he's in there is no telling what he may have looked at or changed. Sometimes they just make your PC a member of a botnet which they can use to do a denial of service attack on another site.

We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a Cleanup tab. If you run OTL and choose the Cleanup it will remove itself and its logs.


To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.


You do not have the latest Java (Java 6 Update 24 or maybe even 25 by now). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#15
praxidice

praxidice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts
While I was running the ComboFix uninstall, several alerts popped up from Online Armor. Most of them had what I thought was the ComboFix extension -- .cfxxe -- so I allowed them.

But then, Online Armor kept giving alerts even after ComboFix had apparently uninstalled.

Then an alert popped up saying that my antivirus should be disabled for ComboFix to continue.

This looks bad... I don't think this is ComboFix talking.

Sorry if I screwed something up!

Here are the programs that I allowed thinking it was ComboFix:


Created: 7/19/2011 8:00:15 PM
Summary: Program Guard: handle.cfxxe -> handle64.exe
Description: C:\32788R22FWJFW\handle.cfxxe wants to create executable file C:\32788R22FWJFW\handle64.exe
Event type: Suspicious file(13)
Event action: Allowed(2)

Created: 7/19/2011 7:59:37 PM
Summary: Program Guard: handle.cfxxe
Description: C:\32788R22FWJFW\cmd.cfxxe -> C:\32788R22FWJFW\handle.cfxxe
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/19/2011 7:59:35 PM
Summary: Program Guard: rmbr.cfxxe
Description: C:\32788R22FWJFW\cmd.cfxxe -> C:\32788R22FWJFW\rmbr.cfxxe
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/19/2011 7:59:33 PM
Summary: Program Guard: swsc.cfxxe
Description: C:\32788R22FWJFW\cmd.cfxxe -> C:\32788R22FWJFW\swsc.cfxxe
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/19/2011 7:59:22 PM
Summary: Program Guard: chcp.com
Description: C:\Windows\SysWOW64\chcp.com was trusted by dictionary.
Event type: Program Guard(22)
Event action: Trusted(6)

Created: 7/19/2011 7:59:22 PM
Summary: Program Guard: chcp.com
Description: C:\Windows\system32\chcp.com was trusted by dictionary.
Event type: Program Guard(22)
Event action: Trusted(6)

Created: 7/19/2011 7:59:07 PM
Summary: Program Guard: grep.cfxxe
Description: C:\32788R22FWJFW\cmd.cfxxe -> C:\32788R22FWJFW\grep.cfxxe
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/19/2011 7:58:54 PM
Summary: Program Guard: sed.cfxxe
Description: C:\32788R22FWJFW\cmd.cfxxe -> C:\32788R22FWJFW\sed.cfxxe
Event type: Program Guard(9)
Event action: Allowed(2)

Created: 7/19/2011 7:58:41 PM
Summary: Program Guard: swreg.cfxxe
Description: C:\32788R22FWJFW\cmd.cfxxe -> C:\32788R22FWJFW\swreg.cfxxe
Event type: Program Guard(9)
Event action: Allowed(2)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP