Lots of problems after supposed malware removal



#1
dlech

About a month ago, I had a malware infection that took over my computer and made it unbootable. I had to restore my computer and I lost all of my data, etc. and it went back to factory settings and software.

Since then, I've had lots of problems and quirky behavior. For example, my internet security settings seem to keep changing. Also, I am sometimes unable to run programs. I cannot download and run Google Chrome, Malwarebytes, or Foxfire but I was able to download and run OTL and CCleaner. I installed Microsoft Security Basics, but I cannot get Nortons to uninstall. I am getting regular Java errors that show up as text files on my desktop.

I ran "sfc /scannow" per directions in one of your posts. It said that there were some corrupted files that the service could not fix, but I could not find the log that was created.

I have pasted my OTL log below. Please let me know if you need more information from me. My computer runs Windows 7 Home Premium 64-bit.


OTL logfile created on: 7/14/2011 9:00:57 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dave\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.52% Memory free
7.92 Gb Paging File | 5.89 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 242.28 Gb Free Space | 85.49% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 21:00:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dave\Desktop\OTL.exe
PRC - [2011/06/17 09:40:35 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/16 16:14:12 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/09/13 16:10:32 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/07/16 11:59:00 | 000,648,432 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/05 06:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (SafeList) ==========

MOD - [2011/07/14 21:00:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dave\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\imagehlp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/04/14 18:47:38 | 000,103,336 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/13 16:10:32 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/09/13 16:08:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/16 11:59:00 | 000,648,432 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/05 06:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/18 17:13:54 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/06/17 09:16:05 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/01/20 17:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/09/13 16:10:33 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NISx64\1008000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/09/13 16:10:33 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/09/13 16:10:33 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2009/09/13 16:10:33 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2009/09/13 16:10:33 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2009/09/13 16:10:33 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/09/13 16:10:33 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/06/25 02:50:26 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110625.031\IDSviA64.sys -- (IDSVia64)
DRV - [2011/06/18 09:10:02 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 21:01:46 | 000,000,000 | ---D | C] -- C:\f65a1380734797bdc37e94b82bc1a7
[2011/07/14 21:00:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\dave\Desktop\OTL.exe
[2011/07/14 20:57:16 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\dave\Desktop\OTM.exe
[2011/07/14 20:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/14 20:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/14 20:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/07/14 20:16:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/07/14 20:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/14 20:09:38 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Deployment
[2011/07/07 03:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/06 08:29:19 | 000,000,000 | ---D | C] -- C:\Users\dave\Tracing
[2011/07/04 03:18:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/03 13:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/03 13:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/03 13:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/22 03:54:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/06/20 17:04:56 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\CyberLink
[2011/06/19 17:11:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/06/19 17:11:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/06/18 15:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/06/18 15:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/18 15:07:25 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2011/06/18 03:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/06/18 03:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/06/17 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Adobe
[2011/06/17 09:18:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Norton Support
[2011/06/17 09:17:02 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Symantec
[2011/06/17 09:16:10 | 000,031,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2011/06/17 09:16:06 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/17 09:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/16 16:32:36 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Macrovision
[2011/06/16 16:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StumbleUpon
[2011/06/16 16:15:24 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\RoboForm
[2011/06/16 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2011/06/16 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/06/16 16:14:29 | 000,000,000 | ---D | C] -- C:\Users\dave\Documents\My RoboForm Data
[2011/06/16 16:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2011/06/16 09:07:42 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Macromedia
[2011/06/16 09:07:40 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Adobe
[2011/06/15 22:00:49 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Diagnostics
[2011/06/15 21:59:18 | 000,000,000 | ---D | C] -- C:\Emergency
[2011/06/15 21:47:12 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2011/06/15 21:22:05 | 000,000,000 | ---D | C] -- C:\Users\dave\My Backup Files
[2011/06/15 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\SoftThinks
[2011/06/15 21:14:58 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Template
[2011/06/15 21:12:33 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Dell
[2011/06/15 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Stardock_Corporation
[2011/06/15 21:11:36 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\SupportSoft
[2011/06/15 21:11:02 | 000,000,000 | R--D | C] -- C:\Users\dave\Searches
[2011/06/15 21:11:02 | 000,000,000 | R--D | C] -- C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/15 21:11:01 | 000,000,000 | -H-D | C] -- C:\Users\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/15 21:10:49 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Identities
[2011/06/15 21:10:36 | 000,000,000 | R--D | C] -- C:\Users\dave\Contacts
[2011/06/15 21:10:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/15 21:10:32 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\VirtualStore
[2011/06/15 21:09:44 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2011/06/15 21:07:10 | 000,000,000 | --SD | C] -- C:\Users\dave\AppData\Roaming\Microsoft
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Videos
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Saved Games
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Pictures
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Music
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Links
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Favorites
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Downloads
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Documents
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\Desktop
[2011/06/15 21:07:10 | 000,000,000 | R--D | C] -- C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\AppData\Local\Temporary Internet Files
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Templates
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Start Menu
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\SendTo
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Recent
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\PrintHood
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\NetHood
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Documents\My Videos
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Documents\My Pictures
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Documents\My Music
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\My Documents
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Local Settings
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\AppData\Local\History
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Cookies
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\Application Data
[2011/06/15 21:07:10 | 000,000,000 | -HSD | C] -- C:\Users\dave\AppData\Local\Application Data
[2011/06/15 21:07:10 | 000,000,000 | -H-D | C] -- C:\Users\dave\AppData
[2011/06/15 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Microsoft
[2011/06/15 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Media Center Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 21:03:53 | 000,743,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/14 21:03:53 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/14 21:03:53 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/14 21:00:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dave\Desktop\OTL.exe
[2011/07/14 20:57:24 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\dave\Desktop\OTM.exe
[2011/07/14 20:46:07 | 001,306,852 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\Cat.DB
[2011/07/14 20:38:00 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 20:38:00 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 20:30:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/14 20:30:05 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/03 13:23:40 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/03 13:23:27 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/25 04:55:17 | 000,319,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/20 17:36:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/06/19 03:00:40 | 001,235,036 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\Cat.DB
[2011/06/18 17:13:54 | 000,583,296 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys
[2011/06/18 17:13:51 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\isolate.ini
[2011/06/17 09:16:05 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/17 09:16:05 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/17 09:16:05 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/16 09:07:32 | 000,001,443 | ---- | M] () -- C:\Users\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/15 22:04:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/06/15 22:04:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/06/15 21:21:49 | 000,000,478 | ---- | M] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2011/06/15 21:14:57 | 000,000,000 | ---- | M] () -- C:\Users\dave\AppData\Roaming\wklnhst.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/03 13:23:40 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/03 13:23:27 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/03 13:23:12 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/20 17:36:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/06/17 09:16:06 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/17 09:16:06 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/06/16 09:07:32 | 000,001,443 | ---- | C] () -- C:\Users\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/15 22:02:18 | 3190,050,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/15 21:21:49 | 000,000,478 | ---- | C] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2011/06/15 21:14:57 | 000,000,000 | ---- | C] () -- C:\Users\dave\AppData\Roaming\wklnhst.dat
[2011/06/15 21:11:15 | 000,001,415 | ---- | C] () -- C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/06/15 21:11:04 | 000,001,449 | ---- | C] () -- C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/15 21:07:24 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/06/15 21:07:10 | 000,000,290 | ---- | C] () -- C:\Users\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/15 21:07:10 | 000,000,272 | ---- | C] () -- C:\Users\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/09/13 18:41:19 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/09/13 18:41:18 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/09/13 18:41:18 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/09/13 18:41:16 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/13 16:17:06 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/16 16:15:24 | 000,000,000 | ---D | M] -- C:\Users\dave\AppData\Roaming\RoboForm
[2011/06/15 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\dave\AppData\Roaming\Template
[2009/07/14 01:08:49 | 000,010,112 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Download and save the Norton Removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Run the Norton Removal tool.

MSSE should only be installed on a clean system so

Download and Save the installer for the free Avast.
http://www.avast.com...ivirus-download

Uninstall MSSE. Reboot. Install Avast (Right click and Run As Administrator.)

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows.


Download aswMBR.exe ( 511KB ) to your desktop.



Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
dlech

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks so much for the help, Ron!! Logs follow in the order they were run:

aswMBR version 0.9.7.753 Copyright© 2011 AVAST Software
Run date: 2011-07-16 13:40:24
-----------------------------
13:40:24.809 OS Version: Windows x64 6.1.7600
13:40:24.809 Number of processors: 2 586 0x170A
13:40:24.809 ComputerName: DAVE-PC UserName: dave
13:40:25.994 Initialize success
13:40:26.291 AVAST engine defs: 11071600
13:40:27.866 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:40:27.866 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
13:40:27.882 Device \Driver\iaStor -> MajorFunction fffffa80045b36c0
13:40:29.894 Disk 0 MBR read successfully
13:40:29.894 Disk 0 MBR scan
13:40:29.894 Disk 0 MBR:Alureon-G [Rtk]
13:40:29.910 Disk 0 TDL4@MBR code has been found
13:40:29.910 Disk 0 MBR hidden
13:40:29.910 Disk 0 MBR [TDL4] **ROOTKIT**
13:40:29.926 Disk 0 trace - called modules:
13:40:29.926 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80045b36c0]<<
13:40:29.926 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800445f2d0]
13:40:29.941 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004124050]
13:40:30.440 \Driver\iaStor[0xfffffa8004461660] -> IRP_MJ_CREATE -> 0xfffffa80045b36c0
13:40:31.330 AVAST engine scan C:\Windows
13:41:39.391 Disk 0 MBR has been saved successfully to "C:\Users\dave\Desktop\MBR.dat"
13:41:39.407 The log file has been saved successfully to "C:\Users\dave\Desktop\aswMBR.txt"
14:17:22.371 AVAST engine scan C:\Users\dave
14:20:05.422 AVAST engine scan C:\ProgramData
14:21:06.762 Scan finished successfully
14:30:02.264 Disk 0 MBR has been saved successfully to "C:\Users\dave\Desktop\MBR.dat"
14:30:02.264 The log file has been saved successfully to "C:\Users\dave\Desktop\aswMBR.txt"


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 152):
0x0284F000 \SystemRoot\system32\ntoskrnl.exe
0x02806000 \SystemRoot\system32\hal.dll
0x00BA2000 \SystemRoot\system32\kdcom.dll
0x00C8F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CD3000 \SystemRoot\system32\PSHED.dll
0x00CE7000 \SystemRoot\system32\CLFS.SYS
0x00E90000 \SystemRoot\system32\CI.dll
0x00F50000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00E00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E0F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E66000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E6F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D45000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E79000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00D78000 \SystemRoot\System32\drivers\partmgr.sys
0x00E86000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FF4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00D8D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00DA2000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C00000 \SystemRoot\System32\drivers\mountmgr.sys
0x01095000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011B1000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01060000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0125A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00C1A000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014AD000 \SystemRoot\System32\Drivers\cng.sys
0x01520000 \SystemRoot\System32\drivers\pcw.sys
0x01531000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0167A000 \SystemRoot\system32\drivers\ndis.sys
0x0176C000 \SystemRoot\system32\drivers\NETIO.SYS
0x017CC000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0153B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164A000 \SystemRoot\System32\Drivers\spldr.sys
0x01587000 \SystemRoot\System32\drivers\rdyboost.sys
0x01652000 \SystemRoot\System32\Drivers\mup.sys
0x01664000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015C1000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
0x01416000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02C00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03A55000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x03AED000 \SystemRoot\System32\Drivers\Null.SYS
0x03AF6000 \SystemRoot\System32\Drivers\Beep.SYS
0x03AFD000 \SystemRoot\System32\drivers\vga.sys
0x03B0B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03B30000 \SystemRoot\System32\drivers\watchdog.sys
0x03B40000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03B49000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03B52000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03B5B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03B66000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03B77000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03B95000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03BA2000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02C2A000 \SystemRoot\system32\drivers\afd.sys
0x03BB0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03BBA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03A09000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03A2F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03A45000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DE4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01454000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03CFA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03D4B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03D57000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D62000 \SystemRoot\System32\drivers\discache.sys
0x03D71000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D8F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03DA0000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03EB5000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x048C2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x049B6000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04800000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0480D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04863000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04874000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04A0D000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x04CB5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04CC2000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x04D26000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04D44000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x04D80000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04D8F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04D9E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04DA3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04DAC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04DC2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04DD2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04898000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04DE8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x045B4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x045E3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03E00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03E21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04DF4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03E3B000 \SystemRoot\system32\DRIVERS\ks.sys
0x03E7E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03C26000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03E90000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05C96000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x05D11000 \SystemRoot\system32\DRIVERS\portcls.sys
0x05D4E000 \SystemRoot\system32\DRIVERS\drmk.sys
0x05D70000 \SystemRoot\system32\drivers\ksthunk.sys
0x05D76000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x05DB0000 \SystemRoot\System32\Drivers\USBD.SYS
0x05DB2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05DCF000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05C00000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x05C2B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05C39000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05C52000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05C5B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05C68000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02CB3000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05C76000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x05C89000 \SystemRoot\System32\drivers\Dxapi.sys
0x03EA5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00500000 \SystemRoot\System32\TSDDD.dll
0x00660000 \SystemRoot\System32\cdd.dll
0x03C80000 \SystemRoot\system32\drivers\luafv.sys
0x03CA3000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x04DF6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x03CDD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02629000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0267C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0268F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x026A7000 \SystemRoot\system32\drivers\HTTP.sys
0x0276F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0278D000 \SystemRoot\System32\drivers\mpsdrv.sys
0x027A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03467000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x034B5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x034D8000 \SystemRoot\system32\drivers\peauth.sys
0x0357E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03589000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x035B6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x046CB000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04734000 \SystemRoot\System32\DRIVERS\srv.sys
0x04600000 \SystemRoot\System32\Drivers\fastfat.SYS
0x04636000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x046B0000 \??\C:\Users\dave\AppData\Local\Temp\aswMBR.sys
0x76F80000 \WINDOWS\System32\ntdll.dll
0x480E0000 \WINDOWS\System32\smss.exe
0xFF2A0000 \WINDOWS\System32\apisetschema.dll

Processes (total 65):
0 System Idle Process
4 System
352 C:\WINDOWS\System32\smss.exe
480 csrss.exe
524 csrss.exe
532 C:\WINDOWS\System32\wininit.exe
568 C:\WINDOWS\System32\winlogon.exe
644 C:\WINDOWS\System32\services.exe
652 C:\WINDOWS\System32\lsass.exe
660 C:\WINDOWS\System32\lsm.exe
772 C:\WINDOWS\System32\svchost.exe
868 C:\WINDOWS\System32\svchost.exe
952 C:\WINDOWS\System32\svchost.exe
992 C:\WINDOWS\System32\svchost.exe
408 C:\WINDOWS\System32\svchost.exe
396 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
1040 C:\WINDOWS\System32\svchost.exe
1100 C:\Program Files\Dell\DellDock\DockLogin.exe
1144 C:\WINDOWS\System32\svchost.exe
1228 C:\WINDOWS\System32\wlanext.exe
1236 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
1248 C:\WINDOWS\System32\conhost.exe
1316 C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
1332 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1632 C:\WINDOWS\System32\spoolsv.exe
1672 C:\WINDOWS\System32\svchost.exe
1904 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1980 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
1092 C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
1388 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2408 C:\WINDOWS\System32\svchost.exe
2428 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
2588 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
1752 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
2964 C:\WINDOWS\System32\svchost.exe
1268 C:\WINDOWS\System32\SearchIndexer.exe
2076 C:\WINDOWS\System32\taskhost.exe
696 C:\WINDOWS\System32\dwm.exe
2852 C:\WINDOWS\explorer.exe
2824 C:\Program Files\DellTPad\Apoint.exe
2756 C:\Program Files\IDT\WDM\sttray64.exe
2900 C:\WINDOWS\System32\igfxtray.exe
1776 C:\WINDOWS\System32\hkcmd.exe
2892 C:\WINDOWS\System32\igfxpers.exe
2708 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
672 C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
3052 C:\WINDOWS\System32\igfxsrvc.exe
3076 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3112 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
3120 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3620 C:\WINDOWS\System32\wuauclt.exe
3736 C:\Program Files\DellTPad\ApMsgFwd.exe
3800 C:\Program Files\DellTPad\hidfind.exe
3868 C:\Program Files\DellTPad\ApntEx.exe
3924 C:\WINDOWS\System32\conhost.exe
3088 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2868 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3468 C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
4836 C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
2092 C:\WINDOWS\System32\audiodg.exe
2040 C:\WINDOWS\System32\SearchProtocolHost.exe
4580 C:\WINDOWS\System32\SearchFilterHost.exe
3848 C:\Users\dave\Desktop\MBRCheck.exe
4292 Sf.bin
3768 C:\WINDOWS\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 731B8428C15F37E5538CC73EB749F951D0122D49


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

OTL logfile created on: 7/16/2011 2:31:57 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dave\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.71% Memory free
7.92 Gb Paging File | 5.91 Gb Available in Paging File | 74.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 243.04 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/16 13:42:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dave\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/17 09:40:35 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/16 16:14:12 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/16 11:59:00 | 000,648,432 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/05 06:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (SafeList) ==========

MOD - [2011/07/16 13:42:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dave\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\imagehlp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/04/14 18:47:38 | 000,103,336 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/13 16:08:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/16 11:59:00 | 000,648,432 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/05 06:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 13:42:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\dave\Desktop\OTL.exe
[2011/07/16 13:39:47 | 001,906,688 | ---- | C] (AVAST Software) -- C:\Users\dave\Desktop\aswMBR.exe
[2011/07/16 12:32:15 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/16 12:32:15 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/16 12:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/16 12:32:13 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/16 12:32:13 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/16 12:32:11 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/16 12:32:08 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/16 12:32:08 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/16 12:31:13 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/16 12:31:12 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/16 12:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/16 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/16 03:14:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2011/07/14 20:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/14 20:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/14 20:24:10 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/07/14 20:24:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/07/14 20:24:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/07/14 20:24:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/07/14 20:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/07/14 20:16:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/07/14 20:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/14 20:09:38 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Deployment
[2011/07/07 03:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/06 08:29:19 | 000,000,000 | ---D | C] -- C:\Users\dave\Tracing
[2011/07/04 03:18:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/03 13:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/03 13:22:48 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/06/25 04:51:11 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/06/25 04:51:11 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/06/25 04:50:42 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/06/25 04:50:42 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/06/25 04:50:42 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/06/25 04:50:42 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/06/25 04:50:42 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/06/25 04:50:42 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/06/25 04:50:42 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/06/25 04:50:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/06/25 04:50:16 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011/06/25 04:50:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/06/25 04:49:24 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011/06/25 04:48:53 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/06/25 04:48:53 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/06/25 04:48:53 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/06/25 04:48:53 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/06/25 04:48:53 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011/06/25 04:48:53 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/06/25 04:48:53 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011/06/25 04:48:53 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011/06/25 04:48:23 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011/06/25 04:47:22 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2011/06/25 04:47:21 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2011/06/25 04:47:18 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011/06/25 04:47:18 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/06/25 04:47:17 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011/06/25 04:47:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011/06/25 04:46:51 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2011/06/25 04:46:51 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2011/06/25 04:46:51 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2011/06/25 04:46:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2011/06/25 04:46:51 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2011/06/25 04:46:51 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2011/06/25 04:46:51 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2011/06/25 04:46:51 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2011/06/25 04:46:51 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2011/06/25 04:46:51 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2011/06/25 04:46:51 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2011/06/25 04:46:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2011/06/25 04:46:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2011/06/25 04:46:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2011/06/25 04:46:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2011/06/25 04:46:50 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2011/06/25 04:45:22 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/06/25 04:45:22 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011/06/25 04:45:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/06/25 04:45:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/06/25 04:45:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/06/25 04:45:02 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/06/25 04:45:02 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/06/25 04:45:02 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/06/25 04:45:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011/06/25 04:43:35 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/06/25 04:43:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/06/25 04:42:53 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/06/25 04:42:53 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/06/25 04:42:52 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/06/25 04:42:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/25 04:42:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/25 04:42:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/25 04:42:18 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/25 04:42:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/25 04:42:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/25 04:42:17 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/25 04:42:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/25 04:42:16 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/25 04:42:16 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/25 04:42:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/25 04:42:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/25 04:42:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/25 04:42:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/25 04:41:40 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011/06/25 04:41:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/25 04:41:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/25 04:41:28 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/25 04:41:05 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/06/25 04:41:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/06/25 04:41:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/06/25 04:41:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/06/25 04:41:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/06/25 04:41:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/06/25 04:41:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/06/25 04:41:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/06/25 04:40:59 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/06/25 04:40:59 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/06/25 04:40:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2011/06/25 04:40:50 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/06/25 04:40:50 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/06/25 04:40:50 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/06/25 04:40:50 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/06/25 04:40:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/06/25 04:40:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/06/25 04:40:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/06/25 04:40:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/06/25 04:40:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/06/25 04:40:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/06/25 04:40:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2011/06/25 04:40:42 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2011/06/22 03:54:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/06/20 17:04:56 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\CyberLink
[2011/06/20 03:03:03 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/06/20 03:03:03 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/06/20 03:03:03 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/06/20 03:03:03 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/06/20 03:03:03 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/06/20 03:03:02 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011/06/20 03:03:02 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011/06/20 03:03:02 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011/06/19 17:11:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/06/19 17:11:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/06/19 07:34:56 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/06/19 07:34:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/06/19 04:14:30 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/06/19 04:10:32 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2011/06/19 04:10:32 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2011/06/19 04:10:31 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2011/06/19 04:10:31 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2011/06/18 15:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/06/18 15:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/18 03:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/06/17 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Adobe
[2011/06/17 09:40:35 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/17 09:18:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Norton Support
[2011/06/17 09:17:02 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\Symantec
[2011/06/17 09:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/16 16:32:36 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Macrovision
[2011/06/16 16:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StumbleUpon
[2011/06/16 16:15:24 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\RoboForm
[2011/06/16 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2011/06/16 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/06/16 16:14:29 | 000,000,000 | ---D | C] -- C:\Users\dave\Documents\My RoboForm Data
[2011/06/16 16:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/16 14:30:02 | 000,000,512 | ---- | M] () -- C:\Users\dave\Desktop\MBR.dat
[2011/07/16 13:42:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dave\Desktop\OTL.exe
[2011/07/16 13:40:13 | 000,080,384 | ---- | M] () -- C:\Users\dave\Desktop\MBRCheck.exe
[2011/07/16 13:39:47 | 001,906,688 | ---- | M] (AVAST Software) -- C:\Users\dave\Desktop\aswMBR.exe
[2011/07/16 13:39:09 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/16 13:39:09 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/16 13:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/16 12:54:04 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 12:32:15 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/16 12:32:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/16 12:27:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/16 12:27:02 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/16 12:27:02 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/16 12:24:01 | 056,167,608 | ---- | M] () -- C:\Users\dave\Desktop\setup_av_free.exe
[2011/07/16 12:22:07 | 001,306,852 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008000.029\Cat.DB
[2011/07/14 20:23:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/07/14 20:23:56 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/07/14 20:23:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/07/14 20:23:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 07:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/03 13:23:27 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/25 04:55:17 | 000,319,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/22 03:59:11 | 000,737,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/20 17:36:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/06/19 03:00:40 | 001,235,036 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\Cat.DB
[2011/06/17 09:40:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 13:41:39 | 000,000,512 | ---- | C] () -- C:\Users\dave\Desktop\MBR.dat
[2011/07/16 13:40:09 | 000,080,384 | ---- | C] () -- C:\Users\dave\Desktop\MBRCheck.exe
[2011/07/16 12:32:15 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/16 12:32:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/07/16 12:23:59 | 056,167,608 | ---- | C] () -- C:\Users\dave\Desktop\setup_av_free.exe
[2011/07/03 13:23:40 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/03 13:23:27 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/20 17:36:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/06/15 21:14:57 | 000,000,000 | ---- | C] () -- C:\Users\dave\AppData\Roaming\wklnhst.dat
[2009/09/13 18:41:19 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/09/13 18:41:18 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/09/13 18:41:18 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/09/13 18:41:16 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/13 16:17:06 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

OTL Extras logfile created on: 7/16/2011 2:31:57 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dave\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.71% Memory free
7.92 Gb Paging File | 5.91 Gb Available in Paging File | 74.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 243.04 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AI RoboForm" = RoboForm 7-3-2 (All Users)
"avast" = avast! Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2011 9:32:56 PM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IAANTMon.exe, version: 8.9.0.1023, time
stamp: 0x4a287cc7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x73376a34 Faulting process id: 0x4b4 Faulting application
start time: 0x01cc428671f15123 Faulting application path: C:\Program Files (x86)\Intel\Intel
Matrix Storage Manager\IAANTMon.exe Faulting module path: unknown Report Id: 5cffbd4b-ae82-11e0-80b7-002564583670

Error - 7/14/2011 9:33:01 PM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: sprtsvc.exe, version: 7.0.1438.0, time
stamp: 0x49334e4e Faulting module name: sprtsvc.exe, version: 7.0.1438.0, time stamp:
0x49334e4e Exception code: 0xc0000005 Fault offset: 0x000098ad Faulting process id:
0xd58 Faulting application start time: 0x01cc4286bda4a00d Faulting application path:
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe Faulting module path:
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe Report Id: 600a1f44-ae82-11e0-80b7-002564583670

Error - 7/15/2011 3:39:12 AM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time
stamp: 0x4ba1da21 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x74466a34 Faulting process id: 0x136c Faulting application
start time: 0x01cc42beb2333202 Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Faulting
module path: unknown Report Id: 87bff2d7-aeb5-11e0-9e7a-002564583670

Error - 7/15/2011 3:39:13 AM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DockLogin.exe, version: 6.1.0.0, time stamp:
0x48ad9601 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x74466a34 Faulting process id: 0x544 Faulting application
start time: 0x01cc429127447cdf Faulting application path: C:\Program Files\Dell\DellDock\DockLogin.exe
Faulting
module path: unknown Report Id: 88773ccc-aeb5-11e0-9e7a-002564583670

Error - 7/15/2011 3:39:15 AM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ccSvcHst.exe, version: 108.1.1.10, time
stamp: 0x4a57bc8a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x74466a34 Faulting process id: 0x70c Faulting application
start time: 0x01cc42912ae27429 Faulting application path: C:\Program Files (x86)\Norton
Internet Security\Engine\16.8.0.41\ccSvcHst.exe Faulting module path: unknown Report
Id: 898b5c6c-aeb5-11e0-9e7a-002564583670

Error - 7/15/2011 3:39:18 AM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SeaPort.exe, version: 1.2.121.0, time stamp:
0x4938701a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x74466a34 Faulting process id: 0x7f4 Faulting application
start time: 0x01cc42912e3dc4ec Faulting application path: C:\Program Files (x86)\Microsoft\Search
Enhancement Pack\SeaPort\SeaPort.exe Faulting module path: unknown Report Id: 8bb85e6c-aeb5-11e0-9e7a-002564583670

Error - 7/15/2011 3:39:20 AM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SftService.exe, version: 1.0.82.31, time
stamp: 0x4a3f83f6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x74466a34 Faulting process id: 0x450 Faulting application
start time: 0x01cc42912eb4c9ba Faulting application path: C:\Program Files (x86)\Dell
DataSafe Local Backup\SftService.exe Faulting module path: unknown Report Id: 8c8514c3-aeb5-11e0-9e7a-002564583670

Error - 7/15/2011 3:39:22 AM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: sprtsvc.exe, version: 7.0.1438.0, time
stamp: 0x49334e4e Faulting module name: sprtsvc.exe, version: 7.0.1438.0, time stamp:
0x49334e4e Exception code: 0xc0000005 Fault offset: 0x000098ad Faulting process id:
0x4bc Faulting application start time: 0x01cc42912f37b569 Faulting application path:
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe Faulting module path: C:\Program
Files (x86)\Dell\DellComms\bin\sprtsvc.exe Report Id: 8e01f0ef-aeb5-11e0-9e7a-002564583670

Error - 7/15/2011 3:39:24 AM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IAANTMon.exe, version: 8.9.0.1023, time
stamp: 0x4a287cc7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x74466a34 Faulting process id: 0x538 Faulting application
start time: 0x01cc42912ffae63f Faulting application path: C:\Program Files (x86)\Intel\Intel
Matrix Storage Manager\IAANTMon.exe Faulting module path: unknown Report Id: 8ef9800c-aeb5-11e0-9e7a-002564583670

Error - 7/15/2011 3:39:27 AM | Computer Name = dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: sprtsvc.exe, version: 7.0.1438.0, time
stamp: 0x49334e4e Faulting module name: sprtsvc.exe, version: 7.0.1438.0, time stamp:
0x49334e4e Exception code: 0xc0000005 Fault offset: 0x000098ad Faulting process id:
0x84c Faulting application start time: 0x01cc42917dd34fca Faulting application path:
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe Faulting module path:
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe Report Id: 90f6e686-aeb5-11e0-9e7a-002564583670

[ Broadcom Wireless LAN Events ]
Error - 6/15/2011 9:12:16 PM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 21:12:16, Wed, Jun 15, 11 Error - Unable to get current user admin
status

Error - 6/15/2011 9:12:52 PM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 21:12:52, Wed, Jun 15, 11 Error - Unable to get current user admin
status

Error - 6/15/2011 9:14:30 PM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 20:14:30, Wed, Jun 15, 11 Error - Unable to switch user context, authentication
information not set correctly

Error - 6/26/2011 3:34:52 AM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 03:34:51, Sun, Jun 26, 11 Error - Unable to gain access to user store


Error - 6/27/2011 3:37:02 AM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 03:37:01, Mon, Jun 27, 11 Error - Unable to gain access to user store


Error - 6/28/2011 3:37:40 AM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 03:37:39, Tue, Jun 28, 11 Error - Unable to gain access to user store


Error - 6/29/2011 3:37:36 AM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 03:37:35, Wed, Jun 29, 11 Error - Unable to gain access to user store


Error - 6/30/2011 9:13:07 AM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 09:13:06, Thu, Jun 30, 11 Error - Unable to gain access to user store


Error - 7/3/2011 12:54:43 PM | Computer Name = dave-PC | Source = WLAN-Tray | ID = 0
Description = 12:54:42, Sun, Jul 03, 11 Error - Unable to gain access to user store


[ System Events ]
Error - 7/14/2011 9:51:07 PM | Computer Name = dave-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2345886).

Error - 7/14/2011 9:51:07 PM | Computer Name = dave-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2533623).

Error - 7/15/2011 3:39:14 AM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7034
Description = The Dock Login Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/15/2011 3:39:14 AM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 120000 milliseconds: Restart the service.

Error - 7/15/2011 3:39:18 AM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 7/15/2011 3:39:19 AM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 7/15/2011 3:39:22 AM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/15/2011 3:39:24 AM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (DellComms) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/15/2011 3:39:26 AM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/15/2011 3:39:29 AM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (DellSupportCenter) service terminated
unexpectedly. It has done this 1 time(s).


< End of report >

#4
RKinner


    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Was the Fix button in aswMBR enabled? If so, go back into aswMBR and press it. Also try:

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


If it says it found and will fix the problem on reboot, then reboot and run both aswMBR and TDSSKiller again and post the new logs.

Ron

#5
dlech


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Things are working better, but still getting errors when I try to install Chrome and some buggy behaviors, like it won't keep me signed in to websites.


aswMBR version 0.9.7.753 Copyright© 2011 AVAST Software
Run date: 2011-07-16 22:36:29
-----------------------------
22:36:29.629 OS Version: Windows x64 6.1.7600
22:36:29.645 Number of processors: 2 586 0x170A
22:36:29.645 ComputerName: DAVE-PC UserName: dave
22:36:30.908 Initialize success
22:36:31.033 AVAST engine defs: 11071601
22:37:37.505 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:37:37.505 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:37:37.551 Disk 0 MBR read successfully
22:37:37.551 Disk 0 MBR scan
22:37:37.551 Disk 0 unknown MBR code
22:37:37.567 Service scanning
22:37:38.597 Disk 0 trace - called modules:
22:37:38.597 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:37:38.597 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004459060]
22:37:38.612 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004102050]
22:37:39.470 AVAST engine scan C:\Windows
23:13:57.121 AVAST engine scan C:\Users\dave
23:14:27.697 AVAST engine scan C:\ProgramData
23:15:45.058 Scan finished successfully
23:26:30.181 Disk 0 MBR has been saved successfully to "C:\Users\dave\Desktop\MBR.dat"
23:26:30.181 The log file has been saved successfully to "C:\Users\dave\Desktop\aswMBR.txt"





2011/07/16 23:27:47.0599 1724 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/16 23:27:48.0145 1724 ================================================================================
2011/07/16 23:27:48.0145 1724 SystemInfo:
2011/07/16 23:27:48.0145 1724
2011/07/16 23:27:48.0145 1724 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/16 23:27:48.0145 1724 Product type: Workstation
2011/07/16 23:27:48.0145 1724 ComputerName: DAVE-PC
2011/07/16 23:27:48.0161 1724 UserName: dave
2011/07/16 23:27:48.0161 1724 Windows directory: C:\Windows
2011/07/16 23:27:48.0161 1724 System windows directory: C:\Windows
2011/07/16 23:27:48.0161 1724 Running under WOW64
2011/07/16 23:27:48.0161 1724 Processor architecture: Intel x64
2011/07/16 23:27:48.0161 1724 Number of processors: 2
2011/07/16 23:27:48.0161 1724 Page size: 0x1000
2011/07/16 23:27:48.0161 1724 Boot type: Normal boot
2011/07/16 23:27:48.0161 1724 ================================================================================
2011/07/16 23:27:48.0598 1724 Initialize success
2011/07/16 23:27:49.0877 3816 ================================================================================
2011/07/16 23:27:49.0877 3816 Scan started
2011/07/16 23:27:49.0877 3816 Mode: Manual;
2011/07/16 23:27:49.0877 3816 ================================================================================
2011/07/16 23:27:51.0515 3816 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/16 23:27:52.0077 3816 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/16 23:27:52.0654 3816 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/16 23:27:53.0215 3816 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/16 23:27:53.0808 3816 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/16 23:27:54.0354 3816 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/16 23:27:54.0963 3816 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/16 23:27:55.0524 3816 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/16 23:27:55.0774 3816 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/16 23:27:56.0320 3816 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/16 23:27:56.0881 3816 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/16 23:29:58.0162 3816 ================================================================================
2011/07/16 23:29:58.0162 3816 Scan finished
2011/07/16 23:29:58.0162 3816 ================================================================================
2011/07/16 23:29:58.0193 3988 Detected object count: 0
2011/07/16 23:29:58.0193 3988 Actual detected object count: 0
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Can you give me the exact wording of the error you get when you try to install Chrome?

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Uninstall Java™ 6 Update 14 (64-bit)


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix


:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. (Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted)


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.




1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, (All) Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt 




Attach the file \windows\logs\cbs\junk.txt to your next reply.


Start, (All) Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

Try to install Chrome. Be sure and right click and Run As Administrator.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
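The `findstr /c:"[SR]"` step in the post above leaves only sfc's own lines in junk.txt, and those lines are long and often report the same file more than once. The following is an added example, not part of RKinner's post or any tool named in the thread: it reduces a copy of junk.txt to the files sfc repaired and the ones it could not. The sample lines are constructed and assume the usual Windows 7 CBS.log layout; the file and component names are illustrative.

```python
import re

# Constructed sample of junk.txt (not from the thread). Lines follow the usual
# Windows 7 CBS.log layout; file, component and package names are illustrative.
SAMPLE_JUNK_TXT = r'''
2011-07-17 12:01:33, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2011-07-17 12:01:33, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-07-17 12:01:41, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-07-17 12:01:41, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-07-17 12:01:41, Info                  CSI    0000000c [SR] This component was referenced by [l:38{19}]"Package_Constructed"
2011-07-17 12:01:45, Info                  CSI    0000000e [SR] Verify complete
2011-07-17 12:01:46, Info                  CSI    0000000f [SR] Verifying 100 (0x0000000000000064) components
2011-07-17 12:01:46, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2011-07-17 12:01:52, Info                  CSI    00000012 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini" from store
2011-07-17 12:01:53, Info                  CSI    00000013 [SR] Verify complete
2011-07-17 12:01:54, Info                  CSI    00000014 [SR] Repair complete
'''

# timestamp, level, "CSI", 8-digit hex sequence number, "[SR]", message
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$')
VERIFY_RE = re.compile(r'^Verifying (\d+) ')
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[^,]+),')
REPAIR_RE = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\'
    r'\[[^\]]*\]"(?P<file>[^"]+)" from store')


def summarize_sr(text):
    """Reduce [SR] lines to what sfc verified, repaired and could not repair."""
    summary = {'components_verified': 0, 'unrepaired': [],
               'repaired': [], 'unparsed': 0}
    seen = {}  # (component, file) -> entry, so repeated reports collapse
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            summary['unparsed'] += 1  # not an [SR] line in the expected layout
            continue
        msg = m.group('msg')
        verify = VERIFY_RE.match(msg)
        cannot = CANNOT_RE.match(msg)
        repair = REPAIR_RE.match(msg)
        if verify:
            summary['components_verified'] += int(verify.group(1))
        elif cannot:
            key = (cannot.group('component'), cannot.group('file').lower())
            entry = seen.setdefault(key, {
                'file': cannot.group('file'),
                'component': cannot.group('component'),
                'version': cannot.group('version'),
                # the failure reason is the last comma-separated field
                'reason': msg.rsplit(', ', 1)[-1],
                'first_seen': m.group('ts'),
                'times_logged': 0,
            })
            entry['times_logged'] += 1
        elif repair:
            directory = repair.group('dir')
            if directory.startswith('\\??\\'):  # drop the NT object prefix
                directory = directory[4:]
            path = directory + '\\' + repair.group('file')
            if path not in summary['repaired']:
                summary['repaired'].append(path)
    summary['unrepaired'] = list(seen.values())
    return summary


if __name__ == '__main__':
    result = summarize_sr(SAMPLE_JUNK_TXT)
    print('components verified:', result['components_verified'])
    for path in result['repaired']:
        print('repaired from store:', path)
    for item in result['unrepaired']:
        print('NOT repaired: {file} ({component} {version}): {reason}, '
              'logged {times_logged}x'.format(**item))
```

To use it on a real log, read a copy of junk.txt into a string and pass it to `summarize_sr` in place of the sample.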

#7
dlech

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Still working on your sequence, but have some issues and questions:

When I go to download Malwarebytes from the link in your post, it takes me to a website called "MajorGeeks.com". Is this a safe site? I am having trouble downloading mbam from there, so I tried from download.com and got it downloaded, but when I try to install it gives me the error: "Setup was unable to create the directory 'C:\Users\dave\ApData\Local\Temp\is-NABMH.tmp'. Error 5: Access is denied."

So, I tried to save a screenshot, so I pasted a copied screenshot in Paint and tried to save, and I get the error "Paint cannot save this file. Save was interrupted, so your file has not been saved". Then, the file shows up on my desktop, but when I try to open it, I get a blank Photo Viewer window with the message "Windows Photo Viewer can't open this picture because either the picture is deleted or it is in a location that is unavailable."

So, this is the kind of buggy stuff that is happening. And, the Chrome issue:
The Error Box says "Application cannot be Started. Contact the application vendor." When I click Details... a txt file containing the following appears:

PLATFORM VERSION INFO
Windows : 6.1.7600.0 (Win32NT)
Common Language Runtime : 4.0.30319.235
System.Deployment.dll : 4.0.30319.1 (RTMRel.030319-0100)
clr.dll : 4.0.30319.235 (RTMGDR.030319-2300)
dfdll.dll : 4.0.30319.1 (RTMRel.030319-0100)

SOURCES
Deployment url : http://dl.google.com...ldataindex=make

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://dl.google.com...ldataindex=make resulted in exception. Following failure messages were detected:
+ Access to the path 'C:\Users\dave\AppData\Local\Temp\Deployment' is denied.

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [7/17/2011 11:24:49 AM] : Activation of http://dl.google.com...ldataindex=make has started.

ERROR DETAILS
Following errors were detected during this operation.
* [7/17/2011 11:24:50 AM] System.UnauthorizedAccessException
- Access to the path 'C:\Users\dave\AppData\Local\Temp\Deployment' is denied.
- Source: mscorlib
- Stack trace:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, Object dirSecurityObj)
at System.IO.Directory.CreateDirectory(String path)
at System.Deployment.Application.SubscriptionStore..ctor(String deployPath, String tempPath, ComponentStoreType storeType)
at System.Deployment.Application.SubscriptionStore.get_CurrentUser()
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)

COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.




Finally, Windows Updates that have not been able to install tried to install last night. The result I got was:
Succeeded: 52 updates
Failed: 2 updates
Errors found:
Code 8024200D (clicking on help opened a box that essentially said this error means update did not finish downloading or installing)
Code C355 (no reference to this error comes up when I click on the get help button - it's just general update help)

One of these errors is because I stopped the install of Internet Explorer 9, because I didn't want to deal with upgrading it while all this other stuff is going on. But, this is an improvement, because these 50 updates have been trying to install for weeks, and would just fail to reboot when the restart needed to happen.

Alright, I am skipping the Malwarebytes bit and moving on through the rest of your advice. Thanks again, so much for your help!!!
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
MajorGeeks is safe.

I've seen this before.

What appears to be happening is the folder: C:\Users\dave\AppData\Local\Temp\ has its permissions messed up so it won't let you save stuff in it or its subfolders.

First make sure you can see hidden files:

Close all programs so that you are at your desktop.
Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

Now right click on Start and select Explore then navigate to C:\Users\dave\AppData\Local\

Right click on the Temp folder located in Local and select Properties then Security. Click on each entry in the list (there should be 3, more or less: System, Administrators and Dave (with the computer name tacked on)) and verify that the box for Full Control is checked. If not, click on Advanced, Owner, click on Dave down where it says change Owner to: and then OK. Then go back to the Security tab and click on Edit. Select each entry and click on Full Control and Apply. OK. Close the Properties window and then go back in and see if the changes stuck.

If that doesn't work, then: Try creating a new user and make sure the new user has admin power. Then log in as the new user and see if the new user can download and run files.

Try creating a new user and make sure the new user has admin power. Then log in as the new user and see how it works.
  • 0
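The permission check and repair described in the post above, as an added PowerShell example that is not part of the original thread. The parameter names, the `Test-TempAcl` function and the `-Repair` switch are hypothetical; the repair step calls the Windows tools `takeown.exe` and `icacls.exe` and assumes an elevated prompt.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell prompt.
# Written to work on PowerShell 2.0, the version that ships with Windows 7.
param(
    [string]$TempPath = (Join-Path $env:LOCALAPPDATA 'Temp'),
    [switch]$Repair   # hypothetical switch: take ownership and grant Full Control
)

$SidType     = [System.Security.Principal.SecurityIdentifier]
$FullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$GenericAll  = 0x10000000   # GENERIC_ALL: some ACEs express full control this way
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Well-known SIDs avoid localized account names; the third entry is the logged-on user.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$expected = @{
    'SYSTEM'         = 'S-1-5-18'
    'Administrators' = 'S-1-5-32-544'
    'Current user'   = $me.Value
}

function Test-TempAcl {
    param([string]$Path)
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # A badly damaged ACL can deny even reading the security descriptor.
        Write-Warning "Cannot read the ACL on ${Path}: $($_.Exception.Message)"
        return
    }
    Write-Host "Owner: $($acl.Owner)"

    # Explicit and inherited entries, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, $SidType)
    foreach ($name in $expected.Keys) {
        $allowFull = $false
        $deny      = $false
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -ne $expected[$name]) { continue }
            # Inherit-only ACEs apply to children, not to the folder itself.
            if (([int]$rule.PropagationFlags -band $InheritOnly) -ne 0) { continue }
            $rights = [int]$rule.FileSystemRights
            if ($rule.AccessControlType -eq 'Deny') { $deny = $true }
            elseif ((($rights -band $FullControl) -eq $FullControl) -or
                    (($rights -band $GenericAll) -ne 0)) { $allowFull = $true }
        }
        New-Object PSObject -Property @{
            Account     = $name
            Sid         = $expected[$name]
            FullControl = $allowFull
            DenyEntry   = $deny
        } | Select-Object Account, Sid, FullControl, DenyEntry
    }
}

Test-TempAcl -Path $TempPath | Format-Table -AutoSize

if ($Repair) {
    # Same order as the GUI steps: owner first, then Full Control for each entry.
    # "/D Y" answers the takeown prompt on English-language systems.
    & takeown.exe /F $TempPath /R /D Y | Out-Null
    foreach ($sid in $expected.Values) {
        & icacls.exe $TempPath /grant "*${sid}:(OI)(CI)F" /T /C | Out-Null
    }
    # Read the ACL back to confirm the changes stuck.
    Test-TempAcl -Path $TempPath | Format-Table -AutoSize
}
```

A row with `FullControl` False or `DenyEntry` True for any of the three accounts matches the "Access is denied" errors on the Temp folder; the script only inspects entries for those three accounts, so a Deny entry for another group such as Everyone has to be checked separately.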

#9
dlech

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok, so I totally f****d up the ComboFix first run, I didn't read your post closely enough, and when it seemed to freeze, I messed with it, so then I ran it a second time. So, I'm not sure how helpful that's going to be for you, but I'll post what I have.

Chrome installed and things are running pretty smoothly from what I can tell so far. (fyi - Chrome does not support "run as admin", but ran ok when I just double-clicked.)

Junk.txt is attached, and the rest of the logs requested are below. THANK YOU for all your help thus far!!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/17/2011 3:49:25 PM
mbam-log-2011-07-17 (15-49-25).txt

Scan type: Quick scan
Objects scanned: 180474
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Error opening file for writing: C:\32788R22FWJFW\NirCmd.cfxxe (I hit Ignore)


ComboFix 11-07-17.03 - dave 07/17/2011 15:55:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2826 [GMT -4:00]
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 19:59 . 2011-07-17 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 19:59 . 2011-07-17 19:59 -------- d-----w- c:\users\boys\AppData\Local\temp
2011-07-17 19:54 . 2011-07-17 19:54 -------- d-----w- C:\32788R22FWJFW
2011-07-17 19:31 . 2011-07-17 19:31 -------- d-----w- c:\program files (x86)\Rovio
2011-07-17 19:16 . 2011-07-17 19:16 -------- d-----w- c:\users\dave\AppData\Roaming\Malwarebytes
2011-07-17 19:16 . 2011-07-17 19:16 -------- d-----w- c:\programdata\Malwarebytes
2011-07-17 19:16 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-17 19:16 . 2011-07-17 19:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-17 19:16 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-17 15:26 . 2011-06-20 12:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D4EC8B0-248F-4087-A0B8-7C1430122489}\mpengine.dll
2011-07-17 04:36 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2011-07-17 04:35 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-07-17 04:35 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2011-07-17 04:35 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-17 04:35 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-07-17 04:35 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-07-17 04:35 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-07-17 04:35 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-07-17 04:30 . 2011-07-17 04:30 -------- d-----w- c:\windows\system32\SPReview
2011-07-17 04:24 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-07-17 04:20 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll
2011-07-17 04:20 . 2009-08-29 06:57 34816 ----a-w- c:\windows\SysWow64\msasn1.dll
2011-07-17 04:20 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-07-17 04:20 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-07-17 04:20 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-07-17 04:20 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-07-17 04:19 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-07-17 04:19 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-07-17 04:19 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-07-17 04:19 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-07-17 04:19 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-07-17 04:19 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-07-17 04:19 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-07-17 04:19 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-17 04:19 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-07-16 17:36 . 2011-06-02 06:39 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 16:32 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-16 16:32 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-16 16:32 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-16 16:32 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-16 16:32 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-16 16:32 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-16 16:32 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-16 16:31 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-16 16:31 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-16 16:31 . 2011-07-16 16:31 -------- d-----w- c:\programdata\AVAST Software
2011-07-16 16:31 . 2011-07-16 16:31 -------- d-----w- c:\program files\AVAST Software
2011-07-16 07:14 . 2009-12-19 09:02 91648 ----a-w- c:\windows\SysWow64\avifil32.dll
2011-07-15 00:24 . 2011-07-15 00:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-15 00:24 . 2011-07-15 00:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-15 00:23 . 2011-07-15 00:23 -------- d-----w- c:\program files (x86)\Java
2011-07-15 00:11 . 2011-07-15 00:11 -------- d-----w- c:\program files\CCleaner
2011-07-15 00:09 . 2011-07-15 00:09 -------- d-----w- c:\users\dave\AppData\Local\Deployment
2011-07-06 12:29 . 2011-07-15 00:11 -------- d-----w- c:\users\dave\Tracing
2011-07-03 17:55 . 2011-07-03 17:55 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-03 17:22 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-25 08:51 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-06-25 08:51 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-06-25 08:50 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-06-25 08:50 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-06-25 08:50 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-06-25 08:50 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-06-25 08:50 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-06-25 08:50 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-06-25 08:50 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-06-25 08:50 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-06-25 08:50 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2011-06-25 08:50 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-06-25 08:49 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-06-25 08:49 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-06-25 08:49 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-06-25 08:49 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-06-25 08:49 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-06-25 08:49 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2011-06-25 08:48 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-25 08:48 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
2011-06-25 08:48 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
2011-06-25 08:48 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2011-06-25 08:48 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
2011-06-25 08:48 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
2011-06-25 08:48 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2011-06-25 08:48 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2011-06-25 08:48 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2011-06-25 08:48 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2011-06-25 08:48 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-06-25 08:48 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-06-25 08:47 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-25 08:47 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-25 08:47 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll
2011-06-25 08:47 . 2009-09-03 07:36 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2011-06-25 08:45 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-06-25 08:45 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-06-25 08:45 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2011-06-25 08:45 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-06-25 08:45 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-06-25 08:45 . 2009-12-13 09:46 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-06-25 08:45 . 2009-12-13 09:30 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-06-25 08:45 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-06-25 08:45 . 2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-06-25 08:44 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-25 08:44 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-25 08:44 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-25 08:43 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-25 08:43 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-06-25 08:41 . 2010-08-21 06:36 340992 ----a-w- c:\windows\system32\schannel.dll
2011-06-25 08:40 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-25 08:40 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-06-25 08:40 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe
2011-06-25 08:40 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-06-25 08:40 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-06-25 08:40 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-06-25 08:40 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-06-25 08:40 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2011-06-25 08:40 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-06-25 07:11 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-06-23 07:13 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-06-23 07:13 . 2011-01-26 06:53 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-06-22 07:54 . 2011-06-22 07:54 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-20 21:04 . 2011-06-20 21:04 -------- d-----w- c:\users\dave\AppData\Roaming\CyberLink
2011-06-20 07:04 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-06-20 07:04 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-06-20 07:04 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-06-20 07:04 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-06-20 07:03 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-20 07:03 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 13:40 . 2011-06-17 13:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 05:56 . 2011-07-16 12:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 23:14 . 2011-06-16 13:14 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( [email protected]_17.45.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-07-17 21:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-17 17:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-17 17:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-17 21:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-17 21:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-17 17:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-13 20:20 . 2011-07-17 17:46 32072 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-17 17:46 41024 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-06-16 02:03 . 2011-07-17 16:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-16 02:03 . 2011-07-17 19:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-16 02:03 . 2011-07-17 16:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-16 02:03 . 2011-07-17 19:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-17 16:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-17 19:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 15:36 . 2011-07-17 19:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 15:36 . 2011-07-16 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-20 15:36 . 2011-07-17 19:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-20 15:36 . 2011-07-16 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-16 02:24 . 2011-07-17 17:46 6910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2300740897-3426348678-2264366979-1000_UserData.bin
+ 2011-07-17 21:48 . 2011-07-17 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-17 17:44 . 2011-07-17 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-17 21:48 . 2011-07-17 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-17 17:44 . 2011-07-17 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-18 13:15 . 2010-03-18 13:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 421200 c:\windows\SysWOW64\msvcp100.dll
- 2009-07-14 05:01 . 2011-07-17 17:43 284136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-17 20:00 284136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-17 19:31 . 2011-07-17 19:31 100061 c:\windows\Installer\{80843623-6460-4A3E-BFE6-6C66BDAE5178}\AngryBirds.exe
- 2009-07-14 02:34 . 2011-07-17 17:06 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-07-17 17:59 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-06-07 15:15 . 2011-06-07 15:15 1269760 c:\windows\Installer\62144f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-16 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-04-14 103336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-07-16 648432]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-17 18:05:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-17 22:05
ComboFix2.txt 2011-07-17 17:54
.
Pre-Run: 268,366,020,608 bytes free
Post-Run: 268,323,057,664 bytes free
.
- - End Of File - - 311570C173991D7EFD6F5135F892498E





SIGVERIF:
When I ran sigverif from the command prompt, I got the following: SigVerif - Your files have been scanned and verified as digitally signed.




Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/07/2011 6:43:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/07/2011 10:42:02 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 17/07/2011 9:48:48 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "DAVE-PC :20" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 17/07/2011 9:48:48 PM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{1628098C-7C1C-4D9A-A619-04C863E3232A} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 17/07/2011 9:48:46 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 17/07/2011 8:00:04 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 17/07/2011 7:57:07 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 17/07/2011 7:52:06 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 17/07/2011 7:52:06 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/07/2011 8:00:10 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/07/2011 8:00:10 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/07/2011 6:52:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/07/2011 10:40:35 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 10:07:45 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 10:05:41 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 10:05:07 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 10:04:04 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 10:03:54 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 10:03:39 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 10:03:26 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 10:02:39 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 9:57:43 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 9:57:24 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 8:00:00 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 7:56:27 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 7:56:12 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 7:55:26 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 7:55:18 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 7:55:15 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 7:55:15 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 7:54:40 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/07/2011 7:54:32 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attached File  junk.txt   37.89KB   55 downloads

#10
RKinner

I'm not seeing any major problems in the logs.

In your event logs - Something about a PC with the same name which is often an error you get when the PC is plugged into a network and at the same time the wireless is running.

The conhost thing is not important.

SFC is complaining about tcpmon.ini which from what I see on the Internet is a common glitch with 7. Used to get a similar error with a .ini file with Vista but that stopped after an update.

Did you need to change permissions on the Temp folder?

Do we still have problems?

Ron
  • 0
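A small parser for the event-log report format pasted in this thread, as an added example (not part of the original posts and not the reporting tool's own code). It counts entries per log, source and event ID and pulls the two addresses out of each NetBT 4321 message, which is the detail the duplicate-name reading depends on. The field layout is inferred from the pasted report, and the sample entries are copied from it.

```python
import re
from collections import Counter
from datetime import datetime

# Entries copied from the report above (abridged sample); field layout is inferred from it.
SAMPLE = r"""Log: 'System' Date/Time: 17/07/2011 10:42:02 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 17/07/2011 9:48:48 PM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{1628098C-7C1C-4D9A-A619-04C863E3232A} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 17/07/2011 9:48:46 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.1.69. The computer with the IP address 192.168.1.68 did not allow the name to be claimed by this computer.

Log: 'Application' Date/Time: 17/07/2011 10:40:35 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\system32\conhost.exe". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found. Please use sxstrace.exe for detailed diagnosis.
"""

ENTRY = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\nType: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<id>\d+) Source: (?P<source>[^\n]+)\n(?P<msg>[^\n]*)")
NETBT = re.compile(r"interface with IP address ([\d.]+)\. The computer with the IP address ([\d.]+)")

def parse(report):
    """Yield one dict per entry; timestamps are dd/mm/yyyy, as the report header states."""
    for m in ENTRY.finditer(report):
        e = m.groupdict()
        e["when"] = datetime.strptime(e["when"].strip(), "%d/%m/%Y %I:%M:%S %p")
        yield e

def summarize(report):
    """Count entries per (log, source, event id) and collect NetBT name-conflict IP pairs."""
    counts, conflicts = Counter(), set()
    for e in parse(report):
        counts[(e["log"], e["source"].strip(), int(e["id"]))] += 1
        if e["source"].strip() == "NetBT":
            conflicts.update(NETBT.findall(e["msg"]))  # (this interface, holder of the name)
    return counts, conflicts

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```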

#11
dlech

Yes, I changed the settings in the temp folder, and things seem to be working smoothly now. Thank you SO much for all your help, Ron - you rock!!!

#12
RKinner

We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

To hide hidden files again:

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

If you run OTL it has a Cleanup tab which will remove it and its logs and backup files.

To remove Combofix:

copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt. In the new window, right click and select Edit, Paste or Paste, then hit Enter.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.


Ron





