
help! my windows background won't start?=(



#1
JULIO1

SO i turn off my computer and turn it back on, so i log in AND THEN ALL I SEE IS THE POINTER OF THE MOUSE. MY WHOLE BACKGROUND IS BLACK. SO I THEN GO TO TASK MANAGER (ALT+CTRL+DELETE) AND OPEN FILE ON TASK MANAGER. I OPEN C:\Windows\explorer.exe AND MY BACKGROUND IS UP AND RUNNING. CAN SOMEONE HELP ME SOLVE THIS ISSUE? I HATE TO DO THIS EVERY TIME I TURN ON MY COMPUTER. THANKS TO ALL!


#2
RKinner

    Malware Expert

Download OTL from
http://www.geekstogo...timers-list-it/
and save it to your desktop.

Run OTL (Vista or Win 7 => right-click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

#3
JULIO1

ok i downloaded the software and it's scanning as i type. let's see what happens now.



#4
JULIO1

i'm guessing i'll paste it where it says custom scan/fixes, right??

#5
RKinner

    Malware Expert

No, just open a reply and paste the two logs in the reply.

#6
JULIO1

OTL Extras logfile created on: 8/4/2011 3:30:15 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\jULiO\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 63.19% Memory free
5.97 Gb Paging File | 4.92 Gb Available in Paging File | 82.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.09 Gb Total Space | 200.56 Gb Free Space | 70.10% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.68 Gb Free Space | 14.03% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: jULiO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Clearwire\Connection Manager\SwiApiMux.exe" = C:\Program Files\Clearwire\Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0409A1F0-4BEF-4090-9C9C-FD9A723A6FF4}" = rport=137 | protocol=17 | dir=out | app=system |
"{0BCE6037-C7D7-4D52-B2C2-0EE26342DCEE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0CA24F09-CE0D-45CE-8F6E-2BA2AFC39C13}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C85760C-8D42-4889-94A6-56FF0BFF20F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2297BDA7-1A50-4B08-8455-DE1089BA283D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{235023B9-671F-4BAC-8FA6-A680C9422792}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23C455B3-4232-46AA-A9D5-4CE3A727B8EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{2EB61E9B-7CB1-472B-A6F3-AC2CBAB72D35}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2F2AA85A-CCF3-4C56-9DFF-9E4A6D0C7320}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3162039C-4408-49EE-8249-BCAE732F1608}" = rport=10243 | protocol=6 | dir=out | app=system |
"{33B5E2E2-0FF5-462E-9380-939291D07B19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3602D08D-8C56-4FA8-BB85-CC52057FFFDB}" = rport=139 | protocol=6 | dir=out | app=system |
"{3D15509F-AF05-4161-9BC5-DB46BB8E4C84}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3D398813-1ADE-47FE-BA47-C9E1BE4DED79}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{441DE176-8D84-4959-97FB-BEE8242AC830}" = lport=445 | protocol=6 | dir=in | app=system |
"{51B6BB1B-0B3A-40BE-AF0D-DD372FFFE29C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54F8B52D-2417-462B-9474-E5B657731311}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{59A7979B-D625-4898-A9EE-BBFA03092FF2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5C502C83-A620-4841-A858-DC11B9EDD9E4}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{5DA0A6CD-224D-437D-8E7F-CBA51BDB0977}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FC04869-E49F-4686-A3ED-B297902FCAE1}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{664A589C-392F-45EE-BFEE-65CE1E04AB5A}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{6C137538-842A-4E0E-B51C-804BF6E76F6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FF08026-ACF5-4E89-A802-7EE97A9FC281}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{72BE70AD-7375-446C-8597-D25FEAF5559C}" = rport=5358 | protocol=6 | dir=out | app=system |
"{72F23E9F-E524-4C43-8918-DEF77376F3F5}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{7461447E-7304-4143-B485-3359932227F3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{790DDB97-2FBE-4999-A806-BE3AB31C25FD}" = rport=5357 | protocol=6 | dir=out | app=system |
"{7A0581FE-1EF3-4307-BBC0-A89572BC728C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7A3F50BD-C25E-483E-9D4B-BFB82FA63223}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7F16AF88-B71C-4DAF-B2AA-336D7FF76DA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7F98C116-F8FE-430D-AFCC-184F6529BF32}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{8783013D-C303-4BCB-9812-E4EE229CADFB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{889EA877-1665-442E-8ED8-72815DE686FE}" = lport=5357 | protocol=6 | dir=in | app=system |
"{8CFD40C1-FE11-4769-9338-1C906AD7AF55}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8DF83495-9655-48B2-9F8F-7FE97BF39AE5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{95719BD1-FF42-4B89-8FF4-0033B045B79B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{975FD784-F2A5-4FF4-9949-7A72320A0D14}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E6BFA9E-7620-440D-B70B-CFAA6A287388}" = lport=137 | protocol=17 | dir=in | app=system |
"{9FC660A7-14D3-4BAC-B98A-83FD1DF9C9AD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A0A90E44-47E3-4CEB-94D0-D690A567F9CF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{A22E6F2D-9291-435E-8451-0B676589C293}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A4C65246-FB5B-41CB-990E-A99CA9C1959F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A5CF2D76-BED1-4D1E-A233-AAEAA8E2E573}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{A745C903-C432-4D4C-9ABB-282DDC28161B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{AB5FA1F8-A4A2-49BB-BD62-8E5EDC12ACEC}" = rport=138 | protocol=17 | dir=out | app=system |
"{ABF0148B-9DF1-4108-AC6B-E7098FC4D150}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AD3D8B55-FC72-45AF-8E2E-2B29812F7341}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{B068428B-C985-4024-8471-1F8412EB0EC8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BB2C9484-45B5-4EA3-8A04-FE6EDF59DE10}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C1C7B95D-0A17-4AB5-84D2-26F869D1F8D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CF7CB401-4ADF-456D-9BA1-9DB46DBF5AEA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D230F722-2CEA-4637-B00C-4D767147580B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DAC650D8-DF4E-4615-9F6D-79DD11ED9CD3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E0C757D6-4BDD-4A80-8F74-80FC61A4C0F0}" = lport=5358 | protocol=6 | dir=in | app=system |
"{E2D32961-76B1-4196-930B-688C5AA472E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{E374B645-9FE4-4CDF-8DCF-585B81FC4486}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E4014031-07CF-4747-8678-42D988477DD1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E51861D1-C2D6-4BC3-9AE9-D201842997B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8568105-6D44-45D9-9996-6CB4077B9AB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F07E62E1-1A63-4C66-851C-BC37B640C628}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F319B100-9669-41D9-B071-53350DFD4959}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F44AB98F-089E-4BCA-9E77-2262B4BA88BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB6AC987-CFE8-43FC-B3FF-E0047695026C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{FD8F6431-747A-49FE-905F-F204CC48AA5E}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C12794-842B-414B-8C45-25E3773320F6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{0C33C1E9-EB5A-40D6-8884-E20CE33FC9AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D4BEA11-6D49-4341-9F56-FA0B57960BDF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F8382CE-20A9-4430-84E7-1E7A5B3D8645}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{13A22371-584E-4D26-9704-02308A71755D}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{13B6132B-FDA4-4CE0-82E6-577F4E099491}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{142B3897-7CF3-4369-97C2-25D9F42EEB55}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{14B3D9A4-23A7-4325-8475-DCB0E50B3A90}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{14F219EE-83BE-42E5-BBC5-B5E2415869AE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{16970A25-421B-4A4D-BC1E-9FF23818659C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{185D797D-0CC7-4717-89A1-9BEC57FE7BAC}" = protocol=58 | dir=out | [email protected],-28546 |
"{1C506BE3-D0BD-4CCB-A1AC-3F2C83525E3A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2721C04A-2722-462D-9B6F-BFDBEDEAEC16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DE75B91-E81F-4353-8FA6-CFC32F5892CA}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{2F0E3245-1C3E-4425-A159-3085A3A0F1FF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{342EA484-5ACB-408C-AAD1-4CEC0D714278}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{37ACABD6-F258-49F0-8030-544C063896B3}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{38BE44BE-4DDE-4D0B-8328-D707650C1176}" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\gta_sa.exe |
"{39081FBD-58E6-4462-A7DA-30859BEF99EC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A4AD598-7BA4-4084-9D5D-B6F68DBF0D4B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3BB7BC35-61B0-4DD4-BB77-121465AB05BA}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{3C2C4921-6A17-423B-9591-98BAF7FEAD23}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3E5B44D5-15C4-41A8-A33D-6643ED729552}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E938C25-4482-46B2-BAA5-C6C7C7293D3D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4089B5DE-B9A5-43DE-8785-CA993E860FD2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41CB2266-50D6-4C29-80ED-5F7E9FE59F31}" = protocol=58 | dir=in | [email protected],-28545 |
"{45C28425-6FBD-46E8-8881-0E56E0912607}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{4BA1B54D-035C-4BCE-8D41-2F3E80914834}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{51E9FACE-7C39-495D-8D93-F2EA5646582C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{524DDD69-9DD6-4CA1-850D-99D6781E9320}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5269B951-7468-4C3E-8D7F-9B30519F7246}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{52DEC77B-7F4B-4D98-BDAB-8EFA5197FDC0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{541AD77B-255D-42E5-A765-A77E6DFCCCF6}" = protocol=1 | dir=in | [email protected],-28543 |
"{5CBDD006-5B32-4A08-AEA0-FECDB90E8ED0}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{604065A4-6306-449C-AF05-38A953F77F16}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6171C6B5-0909-44F5-9E99-64165CC13A0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64AF4B9F-2C43-416C-84CD-EEDB155262A2}" = protocol=58 | dir=in | [email protected],-148 |
"{66E8F435-384B-4E9F-ADCA-D7D2D1315EA1}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{68CC4BF3-F6A0-4F39-A388-ABE8D280262C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A1B9A52-716B-4DAD-B95F-A399273BA163}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7746BCDD-090B-4354-81E7-CA1D11AA205C}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{77D18144-3E94-48F6-86EF-81D0AEBAFBB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7FE54203-50A8-460E-8340-FCED1D184CBE}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{858FB946-5CA5-45F1-A59E-8EF1CA10C36E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89288033-5D85-4FF8-8BC8-9001AC660DE4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{95143DDF-106C-4669-B79F-53EC5E49C54B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C8406FD-69D4-425B-9C26-F119EF391438}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9D214F48-2F18-4448-8654-47FC53991CF7}" = protocol=6 | dir=out | app=system |
"{9FFFCC50-491A-4818-9EC0-D9E783630D59}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A27C0849-F15B-47B9-A0F5-213536A8AB70}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ADD30FFD-E4C4-497E-8809-E7372DA5FB19}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B2586E37-EA4B-4934-9710-6E5418471ED8}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{B4F0F945-1CD0-4D63-BF09-D6869D02AC6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB0EAC6C-BB90-4966-B5C3-3FFF62BFB17E}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{C1FE1D13-EF60-40AE-BCE3-34166C471C79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C69F9E3D-C8B2-4C56-BC69-CF8EA84D9B9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6A1C7CF-710B-4B4E-9BFB-CDB8EF0D8936}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CECB4BBD-4E57-43C3-BBB5-EC850A320FC0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CF6D3022-27A4-4AB6-8BCA-E6745920ABDC}" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\gta_sa.exe |
"{CFC6AC33-BB60-476C-A354-8BFCCEBC2A29}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D18EF836-B524-4152-9119-B6E337A12898}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D1EC4B27-6B1E-45A6-864E-FB6672FC4590}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D7D4B146-0B73-4370-8987-5E15D8A82FB2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D8E34F08-E300-4B1A-8D57-94C06386AE7F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{D8F621FE-EDC7-4ECD-86B9-ABB81B335A17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D93720F1-B5EC-4389-A026-D4305F47F68D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D9EEB3BB-9969-48EA-8291-EA5681CDE1CA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DA615206-0B19-4186-86A8-03F8D13DC79A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{DB29B271-C953-439E-953A-6EF9433BCCDB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB4348FF-A9F7-49FE-9E1B-0F36A63A0507}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD165066-433D-4641-8260-635E815439D9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD5CFEBE-AE45-40CD-AD54-0A022F0BF345}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{E063FBD0-FC7F-4BF4-9028-1534F9A5C63B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E93CBA9B-7936-4FB5-8738-64C7F3D9484E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E956B607-2645-4F97-A112-AF85385476BF}" = protocol=1 | dir=out | [email protected],-28544 |
"{EAC0886A-E8EC-45A6-968C-0CCD1383338E}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{EAD398F0-2E3B-4EF5-983B-4130449716C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB64339F-A86F-46EB-90C0-AF95E6172993}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ECE0AD0E-705F-44CE-B044-9898FE5CB901}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{ED1AB779-A722-4DA0-8447-97D37C389E3F}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{ED7199C8-4572-4058-8F8E-1A2F5FBFA49B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F3CDAE19-B2BE-46F8-8698-3F9580229379}" = protocol=6 | dir=out | app=system |
"{F98D3D28-605F-4D44-85DE-0D97754607F0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FA0AEEDA-51BC-4F0F-A6D8-DB3D2C39886E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{27C7B49D-21C5-45F3-AAA8-56C8A2EA90C6}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{2A059F19-CE71-497F-BC87-3A2D6AFBDEAA}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{CB7FDEC7-29F7-4006-AE05-C6442F53FD35}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"TCP Query User{EFDADB16-1DEB-43A6-8F5B-92CC2D4A7FF8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{15BD719B-CCD7-43A9-BA3E-031B189C95BD}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{289AE0A7-A311-4F5D-9066-2A3CD8ACDB4F}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{69C6D94D-F6FE-4113-B434-9305C905BA2F}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{89FD7028-DA86-49ED-9A9C-E94D68E581B3}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 23
"{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0F1CE9B-1908-4BDA-8298-2DAB5F2040F6}" = CLEAR Connection Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"{FF202088-CF66-4DCA-B1C3-185E7044CEE6}" = HP MediaSmart SmartMenu
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"Ares" = Ares 2.1.7
"bearsharetb" = MediaBar
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.21.1
"Gringos" = Gringos
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSNINST" = MSN
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PdaNet_is1" = PdaNet for Android 3.00
"PocketNester" = PocketNester
"PocketWavePad" = Pocket WavePad
"pywin32-py2.6" = Python 2.6 pywin32-212
"ToneGen" = NCH Tone Generator
"uTorrent" = µTorrent
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"vmn3_5dn" = Antiphishing Domain Advisor
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = HP Games
"WinISD beta" = WinISD beta
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#7
JULIO1

    Member

  • Topic Starter
  • 35 posts
OTL logfile created on: 8/4/2011 3:30:15 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\jULiO\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 63.19% Memory free
5.97 Gb Paging File | 4.92 Gb Available in Paging File | 82.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.09 Gb Total Space | 200.56 Gb Free Space | 70.10% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.68 Gb Free Space | 14.03% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: jULiO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/04 03:15:02 | 000,189,952 | ---- | M] () -- C:\Users\jULiO\AppData\Local\Temp\Ggq.exe
PRC - [2011/08/02 22:54:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\jULiO\Desktop\OTL.exe
PRC - [2011/07/28 22:25:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011/07/20 22:12:59 | 004,574,208 | ---- | M] (Sony) -- C:\Program Files\Sony\Sound Forge 9.0\Forge90.exe
PRC - [2011/07/17 17:50:28 | 000,262,145 | -HS- | M] () -- C:\Users\jULiO\AppData\Roaming\lsass.exe
PRC - [2010/09/01 16:00:20 | 000,107,856 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
PRC - [2010/06/17 18:55:10 | 000,398,848 | ---- | M] () -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/10/04 21:16:26 | 000,235,936 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe


========== Modules (SafeList) ==========

MOD - [2011/08/02 22:54:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\jULiO\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/01 16:00:30 | 000,120,144 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
SRV - [2010/09/01 16:00:20 | 000,124,240 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe -- (CACLEARWIRE)
SRV - [2010/09/01 16:00:20 | 000,107,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
SRV - [2010/06/17 18:55:10 | 000,398,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe -- (clearwireDeviceDiagnosticsService)
SRV - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/12/08 20:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/09/02 17:49:08 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/09/01 15:30:00 | 000,039,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/09/01 15:21:00 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/08/06 13:22:14 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/07/08 15:32:54 | 000,318,464 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/07/08 15:29:32 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/05/25 23:48:12 | 000,203,008 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2010/05/25 23:48:12 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/12/01 10:51:24 | 000,031,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/08/13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/04/10 22:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/03/08 16:51:00 | 007,764,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/02 12:59:28 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms -- (PCDSRVC{4F253FFC-7957E8FC-06000000}_0)
DRV - [2008/11/12 11:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/11/12 11:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 06:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 03:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 20:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)


[2010/08/03 12:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jULiO\AppData\Roaming\Mozilla\Extensions
[2010/08/03 12:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jULiO\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [Antiphishing Domain Advisor] C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSWUpdate] C:\Users\jULiO\AppData\Roaming\lsass.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Performance Center] File not found
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [8DDYX0ZBPZ] C:\Users\jULiO\AppData\Local\Temp\Ggq.exe ()
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\jULiO\AppData\Roaming\lsass.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Weather] File not found
O4 - Startup: C:\Users\jULiO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Users\jULiO\AppData\Roaming\lsass.exe) - C:\Users\jULiO\AppData\Roaming\lsass.exe ()
O24 - Desktop WallPaper: C:\Users\jULiO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\jULiO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19ec9a0b-baa5-11de-b954-00261855dc58}\Shell\AutoRun\command - "" = wscript.exe .vbs
O33 - MountPoints2\{19ec9a0b-baa5-11de-b954-00261855dc58}\Shell\open\command - "" = wscript.exe .vbs
O33 - MountPoints2\{19ec9a0e-baa5-11de-b954-00261855dc58}\Shell - "" = AutoRun
O33 - MountPoints2\{19ec9a0e-baa5-11de-b954-00261855dc58}\Shell\AutoRun\command - "" = I:\start.exe
O33 - MountPoints2\{19ec9a22-baa5-11de-b954-00261855dc58}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{4dce1378-ef74-11df-b52d-00261855dc58}\Shell - "" = AutoRun
O33 - MountPoints2\{4dce1378-ef74-11df-b52d-00261855dc58}\Shell\AutoRun\command - "" = G:\WIN\setup.exe
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 22:59:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/02 22:54:59 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\jULiO\Desktop\OTL.exe
[2011/08/02 13:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/08/02 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/07/30 19:09:50 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/07/28 22:25:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/07/28 22:25:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/07/28 22:25:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/07/28 22:25:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/07/28 22:25:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/07/28 22:25:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/28 22:25:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/07/28 22:25:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/07/28 22:25:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/07/28 22:25:43 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/07/28 22:25:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/07/28 22:25:43 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/07/28 22:25:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/07/28 22:25:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/07/28 22:25:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/07/28 22:25:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/28 22:25:43 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/07/28 22:25:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/28 22:25:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/07/28 22:25:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/07/28 22:25:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/07/28 22:25:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/07/28 22:25:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/07/28 22:25:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/07/28 22:25:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/07/28 22:25:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/28 22:25:42 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/28 22:25:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/07/28 22:25:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/07/28 22:25:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/07/28 22:25:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/07/28 22:25:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/07/28 22:25:42 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/07/28 22:25:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/07/28 22:25:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/07/28 22:25:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/07/28 22:25:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/07/28 22:25:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/07/28 22:25:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/07/28 22:18:51 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr90.dll
[2011/07/28 22:18:51 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp90.dll
[2011/07/28 22:18:51 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm90.dll
[2011/07/28 22:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2011/07/28 22:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2011/07/28 14:03:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/07/28 14:01:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/07/28 14:01:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/07/28 14:01:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/07/28 14:01:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/07/28 14:01:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/07/28 14:01:00 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/07/28 14:01:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/07/28 14:01:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/07/28 14:01:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/07/28 14:00:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/07/28 14:00:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/07/28 14:00:55 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/07/28 14:00:55 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/07/28 14:00:54 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/07/28 14:00:54 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/07/28 14:00:54 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/07/28 13:52:24 | 000,000,000 | ---D | C] -- C:\Users\jULiO\AppData\Roaming\DivX
[2011/07/28 13:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/07/28 13:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/07/28 13:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/07/28 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/07/28 13:49:45 | 000,917,856 | ---- | C] (DivX, LLC) -- C:\Users\jULiO\Documents\DivXVODPlayer.exe
[2011/07/28 13:09:27 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/07/28 13:09:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/07/28 13:09:24 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/07/28 13:09:15 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/07/28 13:09:14 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/07/28 13:09:09 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/07/28 13:09:09 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/07/28 13:09:02 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/07/28 13:09:02 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/07/28 13:09:02 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/07/28 13:09:02 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/07/28 13:09:02 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/07/28 13:09:01 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/07/28 13:09:01 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/07/28 13:09:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/07/28 13:09:00 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/07/28 13:09:00 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/07/28 13:09:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/07/28 13:09:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/07/28 03:01:47 | 019,435,341 | ---- | C] (Xillvideo Software, Inc. ) -- C:\Users\jULiO\Documents\free_xill_to_divx_avi_wmv_mp4_mpeg.exe
[2011/07/28 00:09:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/07/28 00:09:20 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/28 00:09:01 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/07/28 00:08:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/07/28 00:08:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/07/28 00:08:51 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/07/28 00:08:51 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/07/28 00:08:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/07/28 00:08:50 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/07/28 00:08:50 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/07/28 00:08:50 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/07/28 00:08:49 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/07/28 00:08:49 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/07/28 00:08:49 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/07/28 00:08:32 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/07/28 00:08:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/07/28 00:08:01 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/07/28 00:08:01 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/07/28 00:08:01 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/07/28 00:08:00 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/07/28 00:06:10 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/28 00:06:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/28 00:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/07/28 00:03:48 | 008,669,472 | ---- | C] (Microsoft Corporation) -- C:\Users\jULiO\Documents\Windows7UpgradeAdvisorSetup.exe
[2011/07/27 19:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\YTDSETUP
[2011/07/27 19:16:51 | 000,000,000 | ---D | C] -- C:\Users\jULiO\AppData\Roaming\Systweak
[2011/07/27 19:16:50 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2011/07/20 23:17:59 | 000,000,000 | ---D | C] -- C:\Users\jULiO\AppData\Roaming\NetMedia Providers
[2011/07/20 23:17:58 | 000,000,000 | ---D | C] -- C:\Users\jULiO\Documents\ACID Pro 7.0 Projects
[2011/07/20 22:15:57 | 000,000,000 | ---D | C] -- C:\Users\jULiO\Desktop\Sony_Product_Digital_Insanity_Multi-Keygen_V1.5
[2011/07/20 22:14:49 | 000,000,000 | ---D | C] -- C:\Users\jULiO\AppData\Roaming\Publish Providers
[2011/07/20 22:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2011/07/20 22:09:06 | 071,283,624 | ---- | C] (Madison Media Software, Inc.) -- C:\Users\jULiO\Desktop\soundforge90a-trial_enu.exe
[2011/07/17 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\jULiO\AppData\Local\PackageAware
[2011/07/13 19:15:56 | 000,000,000 | ---D | C] -- C:\Users\jULiO\Documents\Sony
[2011/07/13 19:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2011/07/13 19:10:11 | 000,000,000 | ---D | C] -- C:\Users\jULiO\AppData\Local\Sony
[2011/07/13 19:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/07/13 19:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/07/13 19:08:42 | 000,000,000 | ---D | C] -- C:\Users\jULiO\AppData\Roaming\Sony
[2011/07/13 19:07:54 | 152,070,848 | ---- | C] (Sony Creative Software Inc.) -- C:\Users\jULiO\Desktop\acidpro70e.exe
[2011/07/12 21:49:18 | 000,000,000 | ---D | C] -- C:\Users\jULiO\Desktop\tEXAS LANE hOGGAZ
[2011/07/07 12:35:33 | 000,000,000 | ---D | C] -- C:\Users\jULiO\Desktop\songs being movd first
[2011/07/07 12:27:14 | 000,000,000 | ---D | C] -- C:\Users\jULiO\Desktop\songs being moved last
[2011/07/07 11:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

========== Files - Modified Within 30 Days ==========

[2011/08/04 03:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/04 03:15:23 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/04 03:15:18 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/04 03:14:59 | 000,185,344 | ---- | M] () -- C:\Windows\Ghinua.exe
[2011/08/04 03:14:56 | 000,000,312 | RHS- | M] () -- C:\Windows\tasks\Qyhz.job
[2011/08/04 03:14:55 | 000,065,536 | RHS- | M] () -- C:\Windows\System32\perfc0097.dll
[2011/08/04 02:35:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 02:35:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 00:42:07 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/04 00:42:07 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/04 00:36:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/04 00:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/04 00:35:34 | 3085,369,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/03 02:43:42 | 007,535,848 | ---- | M] () -- C:\Users\jULiO\Documents\m1 parte 2..mp3
[2011/08/03 02:42:48 | 007,387,473 | ---- | M] () -- C:\Users\jULiO\Documents\morir y existir dj julio..mp3
[2011/08/03 02:41:56 | 009,272,468 | ---- | M] () -- C:\Users\jULiO\Documents\empresas nc dj julio..mp3
[2011/08/03 02:41:04 | 008,945,415 | ---- | M] () -- C:\Users\jULiO\Documents\chopedjezzy rap game6..mp3
[2011/08/03 02:40:11 | 006,944,436 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screwmoney up 6..mp3
[2011/08/03 02:39:19 | 010,108,387 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screwmy people 6..mp3
[2011/08/03 02:38:28 | 008,156,517 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screw 36 mafia 6..mp3
[2011/08/03 02:37:39 | 009,063,489 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screw.5..mp3
[2011/08/03 02:36:49 | 012,753,024 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screw.5.mp3
[2011/08/03 02:35:58 | 003,416,860 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screw.4.mp3
[2011/08/03 02:35:08 | 006,652,909 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screw.3.mp3
[2011/08/03 02:34:18 | 014,576,371 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screw2.mp3
[2011/08/03 02:33:27 | 008,524,322 | ---- | M] () -- C:\Users\jULiO\Documents\choped and screw.mp3
[2011/08/03 02:32:35 | 010,064,501 | ---- | M] () -- C:\Users\jULiO\Documents\six twelves.mp3
[2011/08/03 02:22:28 | 006,951,750 | ---- | M] () -- C:\Users\jULiO\Documents\m1.mp3
[2011/08/03 02:19:56 | 009,782,379 | ---- | M] () -- C:\Users\jULiO\Documents\la pistola.mp3
[2011/08/03 02:19:04 | 003,761,677 | ---- | M] () -- C:\Users\jULiO\Documents\trival.mp3
[2011/08/03 02:18:17 | 007,377,024 | ---- | M] () -- C:\Users\jULiO\Documents\white boy.mp3
[2011/08/03 02:17:35 | 006,702,020 | ---- | M] () -- C:\Users\jULiO\Documents\Sangre de maldito.mp3
[2011/08/03 02:16:59 | 001,205,856 | ---- | M] () -- C:\Users\jULiO\Documents\quien te dio permiso000.mp3
[2011/08/03 02:16:27 | 006,170,166 | ---- | M] () -- C:\Users\jULiO\Documents\newtrival4000.mp3
[2011/08/03 02:16:00 | 011,867,995 | ---- | M] () -- C:\Users\jULiO\Documents\mixm4000.mp3
[2011/08/03 02:15:43 | 008,802,264 | ---- | M] () -- C:\Users\jULiO\Documents\mixm3000.mp3
[2011/08/03 02:15:30 | 007,496,142 | ---- | M] () -- C:\Users\jULiO\Documents\la venganza del m1000.mp3
[2011/08/03 02:15:20 | 009,248,436 | ---- | M] () -- C:\Users\jULiO\Documents\pa pa amercicano.mp3
[2011/08/03 02:15:08 | 007,229,693 | ---- | M] () -- C:\Users\jULiO\Documents\mixmp3000.mp3
[2011/08/03 02:14:53 | 003,692,295 | ---- | M] () -- C:\Users\jULiO\Documents\3 6.mp3
[2011/08/03 02:14:42 | 008,253,693 | ---- | M] () -- C:\Users\jULiO\Documents\jquien de los dosmp3000.mp3
[2011/08/03 02:13:50 | 005,766,836 | ---- | M] () -- C:\Users\jULiO\Documents\juicy j000.mp3
[2011/08/03 02:13:40 | 007,778,264 | ---- | M] () -- C:\Users\jULiO\Documents\manana000.mp3
[2011/08/03 02:13:27 | 001,795,629 | ---- | M] () -- C:\Users\jULiO\Documents\Hilarious Beer Song! Makes you want a nice cold beer! Lovely lovely Beer!!.mp3
[2011/08/03 02:13:17 | 004,879,299 | ---- | M] () -- C:\Users\jULiO\Documents\pa americano000.mp3
[2011/08/03 02:13:04 | 010,095,430 | ---- | M] () -- C:\Users\jULiO\Documents\juliowatts000.mp3
[2011/08/03 02:12:53 | 007,041,820 | ---- | M] () -- C:\Users\jULiO\Documents\juliowatts0.mp3
[2011/08/03 02:12:45 | 008,106,362 | ---- | M] () -- C:\Users\jULiO\Documents\juliogoing hammer.mp3
[2011/08/03 02:12:35 | 004,365,210 | ---- | M] () -- C:\Users\jULiO\Documents\swisha000.mp3
[2011/08/02 22:54:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\jULiO\Desktop\OTL.exe
[2011/08/02 13:39:29 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\NCH Tone Generator.lnk
[2011/08/02 13:04:18 | 000,001,656 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2011/07/31 23:27:33 | 211,865,029 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/30 18:59:16 | 000,000,945 | ---- | M] () -- C:\Users\jULiO\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/28 22:25:51 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/07/28 22:25:51 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/07/28 22:25:44 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/07/28 22:25:44 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/07/28 22:25:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/07/28 22:25:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/07/28 22:25:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/07/28 22:25:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/28 22:25:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/07/28 22:25:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/07/28 22:25:43 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/07/28 22:25:43 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/07/28 22:25:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/07/28 22:25:43 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/07/28 22:25:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/07/28 22:25:43 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/07/28 22:25:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/07/28 22:25:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/28 22:25:43 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/07/28 22:25:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/28 22:25:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/07/28 22:25:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/07/28 22:25:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/07/28 22:25:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/07/28 22:25:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/07/28 22:25:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/07/28 22:25:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/07/28 22:25:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/07/28 22:25:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/28 22:25:42 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/28 22:25:42 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/07/28 22:25:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/07/28 22:25:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/07/28 22:25:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/07/28 22:25:42 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/07/28 22:25:42 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/07/28 22:25:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/07/28 22:25:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/07/28 22:25:42 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/07/28 22:25:42 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/07/28 22:25:42 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/07/28 22:25:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/07/28 22:19:10 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2011/07/28 22:18:51 | 000,000,769 | ---- | M] () -- C:\Users\jULiO\Desktop\LGMobile update.lnk
[2011/07/28 21:47:17 | 000,397,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/28 13:52:51 | 000,001,430 | ---- | M] () -- C:\Users\jULiO\Desktop\DivX Movies.lnk
[2011/07/28 13:52:19 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/07/28 13:49:47 | 000,917,856 | ---- | M] (DivX, LLC) -- C:\Users\jULiO\Documents\DivXVODPlayer.exe
[2011/07/28 03:02:10 | 019,435,341 | ---- | M] (Xillvideo Software, Inc. ) -- C:\Users\jULiO\Documents\free_xill_to_divx_avi_wmv_mp4_mpeg.exe
[2011/07/28 01:25:05 | 000,061,112 | ---- | M] () -- C:\Users\jULiO\Desktop\12 Track 12.mp3.sfk
[2011/07/28 00:07:49 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/28 00:03:48 | 008,669,472 | ---- | M] (Microsoft Corporation) -- C:\Users\jULiO\Documents\Windows7UpgradeAdvisorSetup.exe
[2011/07/27 23:53:15 | 000,000,114 | ---- | M] () -- C:\Users\jULiO\Documents\shellfix.reg
[2011/07/27 22:25:11 | 004,671,979 | ---- | M] () -- C:\Users\jULiO\Documents\Outkast Feat. Killer Mike - The Whole World.mp3
[2011/07/22 13:44:31 | 004,854,494 | ---- | M] () -- C:\Users\jULiO\Desktop\10 Track 10 epicenter.mp3
[2011/07/20 23:18:43 | 016,691,179 | ---- | M] () -- C:\Users\jULiO\Desktop\bme click dj julio..mp3
[2011/07/20 23:17:48 | 000,002,636 | ---- | M] () -- C:\Users\jULiO\Documents\Register ACID Pro.htm
[2011/07/20 22:14:35 | 000,002,592 | ---- | M] () -- C:\Users\jULiO\Documents\Register Sound Forge.htm
[2011/07/20 22:11:18 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Sound Forge 9.0.lnk
[2011/07/20 10:16:46 | 071,283,624 | ---- | M] (Madison Media Software, Inc.) -- C:\Users\jULiO\Desktop\soundforge90a-trial_enu.exe
[2011/07/18 18:50:44 | 000,002,636 | ---- | M] () -- C:\Users\jULiO\Documents\Register Sound Forge Pro.htm
[2011/07/17 18:33:48 | 000,001,829 | ---- | M] () -- C:\Users\jULiO\Desktop\ACID Pro 7.0.lnk
[2011/07/17 18:21:28 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2011/07/17 17:58:35 | 000,000,104 | ---- | M] () -- C:\Users\jULiO\Desktop\Computer - Shortcut (2).lnk
[2011/07/17 17:50:28 | 000,262,145 | -HS- | M] () -- C:\Users\jULiO\AppData\Roaming\lsass.exe
[2011/07/13 15:12:34 | 152,070,848 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\jULiO\Desktop\acidpro70e.exe
[2011/07/12 12:13:03 | 009,603,657 | ---- | M] () -- C:\Users\jULiO\Documents\still getting dj julio..mp3
[2011/07/12 12:08:00 | 008,567,118 | ---- | M] () -- C:\Users\jULiO\Desktop\throw it up1 dj julio..mp3
[2011/07/12 12:07:59 | 008,567,118 | ---- | M] () -- C:\Users\jULiO\Documents\throw it up1 dj julio..mp3
[2011/07/12 12:02:58 | 008,897,306 | ---- | M] () -- C:\Users\jULiO\Desktop\boy from the block1 dj julio..mp3
[2011/07/12 12:02:56 | 008,897,306 | ---- | M] () -- C:\Users\jULiO\Documents\boy from the block1 dj julio..mp3
[2011/07/12 11:44:38 | 016,690,155 | ---- | M] () -- C:\Users\jULiO\Documents\bme click dj julio..mp3
[2011/07/12 11:18:30 | 007,240,098 | ---- | M] () -- C:\Users\jULiO\Desktop\riding on chrome dj julio..mp3
[2011/07/12 11:18:29 | 007,240,098 | ---- | M] () -- C:\Users\jULiO\Documents\riding on chrome dj julio..mp3
[2011/07/12 11:13:10 | 008,081,240 | ---- | M] () -- C:\Users\jULiO\Desktop\dj screw dj julio..mp3
[2011/07/12 11:13:08 | 008,081,240 | ---- | M] () -- C:\Users\jULiO\Documents\dj screw dj julio..mp3
[2011/07/12 11:07:56 | 012,944,196 | ---- | M] () -- C:\Users\jULiO\Desktop\im on one2 dj julio..mp3
[2011/07/12 11:07:55 | 012,944,196 | ---- | M] () -- C:\Users\jULiO\Documents\im on one2 dj julio..mp3
[2011/07/12 10:55:58 | 007,199,347 | ---- | M] () -- C:\Users\jULiO\Documents\mundo es tuyo 2 dj julio..mp3
[2011/07/11 19:15:01 | 012,950,465 | ---- | M] () -- C:\Users\jULiO\Documents\im on one dj julio..mp3
[2011/07/11 19:07:39 | 007,190,987 | ---- | M] () -- C:\Users\jULiO\Documents\el mundo tuyo dj julio..mp3
[2011/07/07 13:26:14 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2011/07/05 22:24:19 | 000,001,614 | ---- | M] () -- C:\Users\jULiO\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk

========== Files Created - No Company Name ==========

[2011/08/04 03:15:11 | 000,185,344 | ---- | C] () -- C:\Windows\Ghinua.exe
[2011/08/04 03:15:06 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/04 03:15:02 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/04 03:14:55 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\perfc0097.dll
[2011/08/04 03:14:55 | 000,000,312 | RHS- | C] () -- C:\Windows\tasks\Qyhz.job
[2011/08/02 13:39:29 | 000,000,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Tone Generator.lnk
[2011/08/02 13:39:29 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\NCH Tone Generator.lnk
[2011/08/02 01:25:56 | 000,001,656 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011/07/28 22:25:43 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/07/28 22:18:51 | 000,000,769 | ---- | C] () -- C:\Users\jULiO\Desktop\LGMobile update.lnk
[2011/07/28 22:18:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/07/28 22:18:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/07/28 14:00:55 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/07/28 14:00:55 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/07/28 14:00:55 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/07/28 13:52:51 | 000,001,430 | ---- | C] () -- C:\Users\jULiO\Desktop\DivX Movies.lnk
[2011/07/28 13:52:19 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/07/28 12:51:45 | 3085,369,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/28 01:18:43 | 000,061,112 | ---- | C] () -- C:\Users\jULiO\Desktop\12 Track 12.mp3.sfk
[2011/07/28 00:05:08 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/07/28 00:05:08 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/07/27 23:53:14 | 000,000,114 | ---- | C] () -- C:\Users\jULiO\Documents\shellfix.reg
[2011/07/27 22:24:57 | 004,671,979 | ---- | C] () -- C:\Users\jULiO\Documents\Outkast Feat. Killer Mike - The Whole World.mp3
[2011/07/22 13:44:29 | 004,854,494 | ---- | C] () -- C:\Users\jULiO\Desktop\10 Track 10 epicenter.mp3
[2011/07/20 22:14:35 | 000,002,592 | ---- | C] () -- C:\Users\jULiO\Documents\Register Sound Forge.htm
[2011/07/20 22:11:18 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Sound Forge 9.0.lnk
[2011/07/17 18:33:48 | 000,001,829 | ---- | C] () -- C:\Users\jULiO\Desktop\ACID Pro 7.0.lnk
[2011/07/17 18:21:28 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2011/07/17 17:58:34 | 000,000,104 | ---- | C] () -- C:\Users\jULiO\Desktop\Computer - Shortcut (2).lnk
[2011/07/16 18:31:47 | 000,002,636 | ---- | C] () -- C:\Users\jULiO\Documents\Register ACID Pro.htm
[2011/07/16 18:28:29 | 000,262,145 | -HS- | C] () -- C:\Users\jULiO\AppData\Roaming\lsass.exe
[2011/07/14 11:03:06 | 000,002,636 | ---- | C] () -- C:\Users\jULiO\Documents\Register Sound Forge Pro.htm
[2011/07/12 21:32:43 | 012,944,196 | ---- | C] () -- C:\Users\jULiO\Desktop\im on one2 dj julio..mp3
[2011/07/12 21:32:42 | 008,081,240 | ---- | C] () -- C:\Users\jULiO\Desktop\dj screw dj julio..mp3
[2011/07/12 21:32:42 | 007,240,098 | ---- | C] () -- C:\Users\jULiO\Desktop\riding on chrome dj julio..mp3
[2011/07/12 21:32:41 | 016,691,179 | ---- | C] () -- C:\Users\jULiO\Desktop\bme click dj julio..mp3
[2011/07/12 21:32:40 | 008,897,306 | ---- | C] () -- C:\Users\jULiO\Desktop\boy from the block1 dj julio..mp3
[2011/07/12 21:32:40 | 004,063,382 | R--- | C] () -- C:\Users\jULiO\Desktop\just beats.wma
[2011/07/12 21:32:39 | 008,567,118 | ---- | C] () -- C:\Users\jULiO\Desktop\throw it up1 dj julio..mp3
[2011/07/12 12:09:03 | 009,603,657 | ---- | C] () -- C:\Users\jULiO\Documents\still getting dj julio..mp3
[2011/07/12 12:04:25 | 008,567,118 | ---- | C] () -- C:\Users\jULiO\Documents\throw it up1 dj julio..mp3
[2011/07/12 11:59:13 | 008,897,306 | ---- | C] () -- C:\Users\jULiO\Documents\boy from the block1 dj julio..mp3
[2011/07/12 11:57:09 | 004,863,627 | R--- | C] () -- C:\Users\jULiO\Desktop\StiLL qEtiN.wma
[2011/07/12 11:37:40 | 016,690,155 | ---- | C] () -- C:\Users\jULiO\Documents\bme click dj julio..mp3
[2011/07/12 11:15:05 | 007,240,098 | ---- | C] () -- C:\Users\jULiO\Documents\riding on chrome dj julio..mp3
[2011/07/12 11:09:46 | 008,081,240 | ---- | C] () -- C:\Users\jULiO\Documents\dj screw dj julio..mp3
[2011/07/12 11:02:25 | 012,944,196 | ---- | C] () -- C:\Users\jULiO\Documents\im on one2 dj julio..mp3
[2011/07/12 10:51:38 | 007,199,347 | ---- | C] () -- C:\Users\jULiO\Documents\mundo es tuyo 2 dj julio..mp3
[2011/07/11 19:09:37 | 012,950,465 | ---- | C] () -- C:\Users\jULiO\Documents\im on one dj julio..mp3
[2011/07/11 19:04:39 | 007,190,987 | ---- | C] () -- C:\Users\jULiO\Documents\el mundo tuyo dj julio..mp3
[2011/07/05 22:24:19 | 000,001,614 | ---- | C] () -- C:\Users\jULiO\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/12/18 20:20:13 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/18 20:20:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 19:52:50 | 000,000,008 | -HS- | C] () -- C:\Users\jULiO\AppData\Roaming\date
[2010/12/18 19:52:49 | 000,000,002 | -HS- | C] () -- C:\Users\jULiO\AppData\Roaming\evf6
[2010/09/01 15:30:00 | 000,039,632 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2010/07/08 15:24:30 | 002,033,744 | ---- | C] () -- C:\Windows\System32\drivers\macxvi200.bin
[2009/11/18 10:35:19 | 000,000,000 | ---- | C] () -- C:\Users\jULiO\AppData\Roaming\wklnhst.dat
[2009/11/12 03:15:28 | 002,644,245 | ---- | C] () -- C:\Users\jULiO\AppData\Local\tmpHALF DOME AT SUNSET.0
[2009/11/12 03:15:28 | 000,354,631 | ---- | C] () -- C:\Users\jULiO\AppData\Local\tmpHALF DOME AT SUNSET.JPG
[2009/11/03 14:58:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/03 14:58:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/25 20:29:57 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009/10/15 00:55:30 | 000,027,033 | ---- | C] () -- C:\Users\jULiO\AppData\Roaming\UserTile.png
[2009/10/06 23:52:20 | 000,017,920 | ---- | C] () -- C:\Users\jULiO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 01:59:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/12 01:32:14 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/06/12 01:32:14 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,397,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

#8
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [Antiphishing Domain Advisor] C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [MSWUpdate] C:\Users\jULiO\AppData\Roaming\lsass.exe ()
O4 - HKLM..\Run: [Performance Center] File not found
O4 - HKCU..\Run: [8DDYX0ZBPZ] C:\Users\jULiO\AppData\Local\Temp\Ggq.exe ()
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\jULiO\AppData\Roaming\lsass.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Weather] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O20 - HKLM Winlogon: Shell - (C:\Users\jULiO\AppData\Roaming\lsass.exe) - C:\Users\jULiO\AppData\Roaming\lsass.exe ()
O33 - MountPoints2\{19ec9a0b-baa5-11de-b954-00261855dc58}\Shell\AutoRun\command - "" = wscript.exe .vbs
O33 - MountPoints2\{19ec9a0b-baa5-11de-b954-00261855dc58}\Shell\open\command - "" = wscript.exe .vbs
O33 - MountPoints2\{19ec9a0e-baa5-11de-b954-00261855dc58}\Shell - "" = AutoRun
O33 - MountPoints2\{19ec9a0e-baa5-11de-b954-00261855dc58}\Shell\AutoRun\command - "" = I:\start.exe
O33 - MountPoints2\{19ec9a22-baa5-11de-b954-00261855dc58}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{4dce1378-ef74-11df-b52d-00261855dc58}\Shell - "" = AutoRun
O33 - MountPoints2\{4dce1378-ef74-11df-b52d-00261855dc58}\Shell\AutoRun\command - "" = G:\WIN\setup.exe
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{b57348ac-f181-11de-bb1e-00261855dc58}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe /pdf_Spanish
[2011/08/04 03:15:23 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/04 03:15:18 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/04 03:14:59 | 000,185,344 | ---- | M] () -- C:\Windows\Ghinua.exe
[2011/08/04 03:14:56 | 000,000,312 | RHS- | M] () -- C:\Windows\tasks\Qyhz.job
[2011/07/17 17:50:28 | 000,262,145 | -HS- | M] () -- C:\Users\jULiO\AppData\Roaming\lsass.exe
[2011/08/04 03:14:55 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\perfc0097.dll
[2011/07/28 14:00:55 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/07/28 14:00:55 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/07/28 14:00:55 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/07/16 18:31:47 | 000,002,636 | ---- | C] () -- C:\Users\jULiO\Documents\Register ACID Pro.htm
[2010/12/18 19:52:50 | 000,000,008 | -HS- | C] () -- C:\Users\jULiO\AppData\Roaming\date
[2010/12/18 19:52:49 | 000,000,002 | -HS- | C] () -- C:\Users\jULiO\AppData\Roaming\evf6
[2010/09/01 15:30:00 | 000,039,632 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2011/07/27 19:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\YTDSETUP
[2011/07/27 19:16:51 | 000,000,000 | ---D | C] -- C:\Users\jULiO\AppData\Roaming\Systweak
[2011/07/27 19:16:50 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe

:Files
C:\Users\jULiO\AppData\Local\Temp\Ggq.exe
C:\Users\jULiO\AppData\Local\Temp\*.exe
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:Commands
[purity]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
µTorrent
FrostWire 4.21.1
Ares 2.1.7
MediaBar
Norton Security Scan
Java™ 6 Update 23


If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Install the free Avast:

http://www.avast.com...ivirus-download
Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Ron

#9
JULIO1

    Member

  • Topic Starter
  • Member
  • 35 posts
well i did the first step my windows is back to normal thanks man you made my day! you're a real pro! and i'm still in the process of doing those other things!

Edited by JULIO1, 06 August 2011 - 07:29 PM.


#10
JULIO1

    Member

  • Topic Starter
  • Member
  • 35 posts
malware*


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7397

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/6/2011 8:38:04 PM
mbam-log-2011-08-06 (20-38-04).txt

Scan type: Quick scan
Objects scanned: 183953
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZU6RKI1ONY (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\jULiO\AppData\Local\Temp\temp1_sony_product_digital_insanity_multi-keygen_v1.5.zip\sony.products.multikeygen.v1.5.keygen.only-di\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\program files\CS\cs.exe (Rogue.CyberSecurity) -> Quarantined and deleted successfully.

#11
JULIO1

    Member

  • Topic Starter
  • Member
  • 35 posts
*combo

ComboFix 11-08-06.02 - jULiO 08/06/2011 20:52:45.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2054 [GMT -6:00]
Running from: c:\users\jULiO\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jULiO\AppData\Roaming\.#
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 01:14 . 2009-10-26 06:13 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-03-06 915512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
.
c:\users\jULiO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-6-29 477736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-06-18 398848]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-08-06 14336]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-12-01 31312]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2010-07-08 318464]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2010-07-08 51456]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\Clearwire\Connection Manager\ConAppsSvc.exe [2010-09-01 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [2010-09-01 120144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]
R3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-02-02 20848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-09-01 107856]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 13312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 20:07]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 20:07]
.
2011-01-24 c:\windows\Tasks\Norton Security Scan for jULiO.job
- c:\progra~1\NORTON~2\Engine\273~1.34\Nss.exe [2010-11-13 08:51]
.
2009-10-07 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: netzero.com
Trusted Zone: netzero.net
TCP: DhcpNameServer = 192.168.15.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-06 21:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-06 21:05:25
ComboFix-quarantined-files.txt 2011-08-07 03:05
.
Pre-Run: 214,821,875,712 bytes free
Post-Run: 215,396,933,632 bytes free
.
- - End Of File - - 68DC68C5DFCD927866FA83317DC3D811

#12
JULIO1

    Member

  • Topic Starter
  • Member
  • 35 posts
*task


2011/08/06 21:11:12.0714 2852 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/06 21:11:13.0260 2852 ================================================================================
2011/08/06 21:11:13.0260 2852 SystemInfo:
2011/08/06 21:11:13.0260 2852
2011/08/06 21:11:13.0260 2852 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/06 21:11:13.0260 2852 Product type: Workstation
2011/08/06 21:11:13.0260 2852 ComputerName: PC
2011/08/06 21:11:13.0260 2852 UserName: jULiO
2011/08/06 21:11:13.0260 2852 Windows directory: C:\Windows
2011/08/06 21:11:13.0260 2852 System windows directory: C:\Windows
2011/08/06 21:11:13.0260 2852 Processor architecture: Intel x86
2011/08/06 21:11:13.0260 2852 Number of processors: 1
2011/08/06 21:11:13.0260 2852 Page size: 0x1000
2011/08/06 21:11:13.0260 2852 Boot type: Normal boot
2011/08/06 21:11:13.0260 2852 ================================================================================
2011/08/06 21:11:13.0790 2852 Initialize success
2011/08/06 21:11:39.0218 2440 ================================================================================
2011/08/06 21:11:39.0218 2440 Scan started
2011/08/06 21:11:39.0218 2440 Mode: Manual;
2011/08/06 21:11:39.0218 2440 ================================================================================
2011/08/06 21:11:47.0798 2440 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/06 21:11:47.0907 2440 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/06 21:11:47.0985 2440 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/06 21:11:48.0079 2440 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/06 21:11:48.0235 2440 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/06 21:11:48.0344 2440 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/06 21:11:48.0422 2440 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/06 21:11:48.0547 2440 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/06 21:11:48.0672 2440 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/06 21:11:48.0765 2440 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/06 21:11:48.0968 2440 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/06 21:11:49.0124 2440 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/06 21:11:49.0202 2440 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/06 21:11:49.0358 2440 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/06 21:11:49.0514 2440 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/06 21:11:49.0639 2440 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/06 21:11:49.0764 2440 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/08/06 21:11:49.0857 2440 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/06 21:11:50.0013 2440 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
2011/08/06 21:11:50.0091 2440 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/06 21:11:50.0169 2440 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/06 21:11:50.0294 2440 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/06 21:11:50.0388 2440 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/06 21:11:50.0481 2440 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/06 21:11:50.0575 2440 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/06 21:11:50.0700 2440 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/06 21:11:50.0887 2440 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/06 21:11:51.0043 2440 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/06 21:11:51.0152 2440 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/06 21:11:51.0277 2440 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/06 21:11:51.0386 2440 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/06 21:11:51.0526 2440 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/08/06 21:11:51.0682 2440 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/06 21:11:51.0792 2440 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/06 21:11:51.0932 2440 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/06 21:11:52.0041 2440 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/06 21:11:52.0119 2440 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/06 21:11:52.0213 2440 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/06 21:11:52.0322 2440 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/06 21:11:52.0447 2440 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/06 21:11:52.0556 2440 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/06 21:11:52.0712 2440 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/06 21:11:52.0790 2440 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/06 21:11:52.0884 2440 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/06 21:11:52.0993 2440 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/06 21:11:53.0118 2440 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/06 21:11:53.0227 2440 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/08/06 21:11:53.0336 2440 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/06 21:11:53.0476 2440 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/06 21:11:53.0554 2440 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/06 21:11:53.0648 2440 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/06 21:11:53.0757 2440 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/06 21:11:53.0882 2440 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/06 21:11:53.0991 2440 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/06 21:11:54.0085 2440 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/06 21:11:54.0178 2440 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/06 21:11:54.0288 2440 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/06 21:11:54.0444 2440 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/06 21:11:54.0584 2440 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/06 21:11:54.0678 2440 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/06 21:11:54.0756 2440 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/06 21:11:54.0880 2440 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/06 21:11:54.0974 2440 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/06 21:11:55.0068 2440 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/06 21:11:55.0161 2440 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/06 21:11:55.0286 2440 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/06 21:11:55.0411 2440 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/06 21:11:55.0520 2440 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/06 21:11:55.0629 2440 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/06 21:11:55.0738 2440 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/06 21:11:55.0832 2440 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/06 21:11:55.0972 2440 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/08/06 21:11:56.0238 2440 nvlddmkm (09f5e33f91e186037262355b0ba72913) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/06 21:11:56.0472 2440 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/06 21:11:56.0581 2440 nvrd32 (5dd1242cabc1ef8dce4438d72d72a436) C:\Windows\system32\drivers\nvrd32.sys
2011/08/06 21:11:56.0721 2440 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
2011/08/06 21:11:56.0815 2440 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/06 21:11:56.0924 2440 nvstor32 (bb4dd678706510d9249eed1da0219900) C:\Windows\system32\drivers\nvstor32.sys
2011/08/06 21:11:57.0018 2440 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/06 21:11:57.0283 2440 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/08/06 21:11:57.0439 2440 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/06 21:11:57.0532 2440 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/06 21:11:57.0610 2440 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/06 21:11:57.0829 2440 PCDSRVC{4F253FFC-7957E8FC-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\program files\pc-doctor for windows\pcdsrvc.pkms
2011/08/06 21:11:57.0938 2440 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/06 21:11:58.0032 2440 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/08/06 21:11:58.0141 2440 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/06 21:11:58.0266 2440 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
2011/08/06 21:11:58.0437 2440 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/06 21:11:58.0624 2440 pneteth (088335b06f75adbcbb81575c7cae6c43) C:\Windows\system32\DRIVERS\pneteth.sys
2011/08/06 21:11:58.0734 2440 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/06 21:11:58.0827 2440 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/06 21:11:58.0983 2440 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/06 21:11:59.0139 2440 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/06 21:11:59.0280 2440 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/06 21:11:59.0420 2440 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/06 21:11:59.0560 2440 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/06 21:11:59.0654 2440 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/06 21:11:59.0779 2440 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/06 21:11:59.0872 2440 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/06 21:11:59.0966 2440 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/06 21:12:00.0060 2440 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/06 21:12:00.0169 2440 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/06 21:12:00.0247 2440 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/06 21:12:00.0356 2440 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/06 21:12:00.0481 2440 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
2011/08/06 21:12:00.0590 2440 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/06 21:12:00.0715 2440 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/06 21:12:00.0840 2440 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/06 21:12:00.0949 2440 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/06 21:12:01.0042 2440 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/06 21:12:01.0152 2440 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/06 21:12:01.0292 2440 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/06 21:12:01.0370 2440 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/06 21:12:01.0495 2440 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/06 21:12:01.0573 2440 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/06 21:12:01.0682 2440 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/06 21:12:01.0791 2440 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/06 21:12:01.0900 2440 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/06 21:12:02.0025 2440 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/06 21:12:02.0150 2440 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/06 21:12:02.0275 2440 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/06 21:12:02.0415 2440 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/06 21:12:02.0556 2440 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/06 21:12:02.0712 2440 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/06 21:12:02.0930 2440 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\Windows\system32\DRIVERS\swmx00.sys
2011/08/06 21:12:03.0070 2440 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\Windows\system32\DRIVERS\SWNC5E00.sys
2011/08/06 21:12:03.0180 2440 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/06 21:12:03.0242 2440 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/06 21:12:03.0320 2440 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/06 21:12:03.0507 2440 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/06 21:12:03.0648 2440 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/06 21:12:03.0772 2440 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/06 21:12:03.0866 2440 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/06 21:12:03.0960 2440 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/06 21:12:04.0053 2440 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/06 21:12:04.0147 2440 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/06 21:12:04.0287 2440 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/06 21:12:04.0412 2440 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/06 21:12:04.0490 2440 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/06 21:12:04.0584 2440 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/06 21:12:04.0693 2440 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/06 21:12:04.0849 2440 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/06 21:12:04.0942 2440 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/06 21:12:05.0067 2440 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/06 21:12:05.0161 2440 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/06 21:12:05.0270 2440 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/06 21:12:05.0379 2440 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/06 21:12:05.0473 2440 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/06 21:12:05.0598 2440 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/06 21:12:05.0691 2440 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/06 21:12:05.0785 2440 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/06 21:12:05.0878 2440 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/08/06 21:12:05.0988 2440 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/06 21:12:06.0081 2440 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/06 21:12:06.0175 2440 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/08/06 21:12:06.0346 2440 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/06 21:12:06.0487 2440 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/06 21:12:06.0580 2440 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/06 21:12:06.0690 2440 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/06 21:12:06.0752 2440 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/06 21:12:06.0783 2440 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/06 21:12:06.0892 2440 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/06 21:12:07.0002 2440 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/06 21:12:07.0095 2440 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/06 21:12:07.0220 2440 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/06 21:12:07.0314 2440 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/06 21:12:07.0392 2440 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/06 21:12:07.0516 2440 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/06 21:12:07.0626 2440 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/06 21:12:07.0844 2440 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/08/06 21:12:07.0953 2440 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/06 21:12:08.0156 2440 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/06 21:12:08.0265 2440 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/06 21:12:08.0452 2440 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/06 21:12:08.0624 2440 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
2011/08/06 21:12:08.0811 2440 Boot (0x1200) (464bb970b9fb2ad900c6b97c31cc97a3) \Device\Harddisk0\DR0\Partition0
2011/08/06 21:12:08.0858 2440 Boot (0x1200) (4ca51e52383d4fdedc52e1dfcc01ea62) \Device\Harddisk0\DR0\Partition1
2011/08/06 21:12:08.0874 2440 ================================================================================
2011/08/06 21:12:08.0874 2440 Scan finished
2011/08/06 21:12:08.0874 2440 ================================================================================
2011/08/06 21:12:08.0889 3456 Detected object count: 0
2011/08/06 21:12:08.0889 3456 Actual detected object count: 0
  • 0

#13
JULIO1

    Member

  • Topic Starter
  • Member
  • 35 posts
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-06 21:18:17
-----------------------------
21:18:17.210 OS Version: Windows 6.0.6002 Service Pack 2
21:18:17.210 Number of processors: 1 586 0x7F02
21:18:17.210 ComputerName: PC UserName:
21:18:17.912 Initialze error C000010E - driver not loaded
21:18:17.944 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
21:19:36.089 AVAST engine defs: 11080601
21:19:46.104 Scan error: Incorrect function.
21:22:15.989 The log file has been saved successfully to "C:\Users\jULiO\Documents\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-06 21:23:12
-----------------------------
21:23:12.841 OS Version: Windows 6.0.6002 Service Pack 2
21:23:12.841 Number of processors: 1 586 0x7F02
21:23:12.841 ComputerName: PC UserName:
21:23:13.699 Initialize success
21:23:18.379 AVAST engine defs: 11080601
21:23:20.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
21:23:20.844 Disk 0 Vendor: ST332081 HP22 Size: 305245MB BusType: 3
21:23:22.872 Disk 0 MBR read successfully
21:23:22.872 Disk 0 MBR scan
21:23:22.872 Disk 0 unknown MBR code
21:23:22.887 Disk 0 scanning sectors +625137345
21:23:22.981 Disk 0 scanning C:\Windows\system32\drivers
21:23:34.634 Service scanning
21:23:35.695 Modules scanning
21:23:49.173 Disk 0 trace - called modules:
21:23:49.220 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
21:23:49.236 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f40a58]
21:23:49.236 3 CLASSPNP.SYS[807198b3] -> nt!IofCallDriver -> [0x859ea9f0]
21:23:49.750 5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\00000051[0x859e7c28]
21:23:50.655 AVAST engine scan C:\Windows
21:23:53.650 AVAST engine scan C:\Windows\system32
21:26:00.556 AVAST engine scan C:\Windows\system32\drivers
21:26:13.473 AVAST engine scan C:\Users\jULiO
21:30:14.275 AVAST engine scan C:\ProgramData
21:36:30.391 Scan finished successfully
21:41:34.216 Disk 0 MBR has been saved successfully to "C:\Users\jULiO\Documents\MBR.dat"
21:41:34.232 The log file has been saved successfully to "C:\Users\jULiO\Documents\aswMBR.txt"
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\Tasks\Norton Security Scan for jULiO.job
c:\windows\Tasks\PCDRScheduledMaintenance.job

Folder::
c:\progra~1\NORTON~2
c:\program files\PC-Doctor for Windows


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?

Ron
  • 0

#15
JULIO1

    Member

  • Topic Starter
  • Member
  • 35 posts
ComboFix 11-08-06.02 - jULiO 08/09/2011 23:21:37.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1994 [GMT -6:00]
Running from: c:\users\jULiO\Desktop\ComboFix.exe
Command switches used :: c:\users\jULiO\Desktop\CFScript .txt.lnk
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 05:29 . 2011-08-10 05:30 -------- d-----w- c:\users\jULiO\AppData\Local\temp
2011-08-10 05:29 . 2011-08-10 05:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-10 05:29 . 2011-08-10 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-10 05:29 . 2011-08-10 05:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-08 02:05 . 2011-08-08 02:05 -------- d-----w- c:\program files\GameSpy Arcade
2011-08-07 03:48 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-07 03:48 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-07 03:48 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-07 03:48 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-07 03:48 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-07 03:48 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-07 03:48 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-07 03:48 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-07 03:48 . 2011-08-07 03:48 -------- d-----w- c:\programdata\AVAST Software
2011-08-07 03:48 . 2011-08-07 03:48 -------- d-----w- c:\program files\AVAST Software
2011-08-07 02:32 . 2011-08-07 02:32 -------- d-----w- c:\users\jULiO\AppData\Roaming\Malwarebytes
2011-08-07 02:32 . 2011-08-07 02:32 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 02:32 . 2011-07-07 01:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 02:32 . 2011-08-07 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-07 02:32 . 2011-07-07 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-05 21:53 . 2011-08-05 21:53 -------- d-----w- c:\windows\Sun
2011-08-05 21:21 . 2011-07-20 15:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98BA1CA7-5754-4445-97A6-564AE7E27150}\mpengine.dll
2011-08-03 04:59 . 2011-08-03 04:59 -------- d-----w- C:\_OTL
2011-08-02 19:39 . 2011-08-02 19:39 -------- d-----w- c:\programdata\NCH Software
2011-08-02 07:25 . 2011-08-02 19:04 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2011-07-31 01:09 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-07-29 04:18 . 2011-05-10 19:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-07-29 04:18 . 2011-05-10 19:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-07-29 04:18 . 2011-05-10 19:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-07-29 04:18 . 2006-05-04 14:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2011-07-29 04:18 . 2011-07-29 04:18 -------- d-----w- c:\programdata\LGMOBILEAX
2011-07-28 20:01 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-07-28 20:01 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-07-28 20:01 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-07-28 20:01 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-07-28 20:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-07-28 20:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-07-28 20:01 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-07-28 20:01 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-07-28 20:01 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-07-28 20:00 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-07-28 20:00 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-07-28 20:00 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-07-28 20:00 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-07-28 20:00 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-07-28 20:00 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-07-28 20:00 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-07-28 20:00 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-07-28 20:00 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-07-28 20:00 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-07-28 19:52 . 2011-07-28 19:58 -------- d-----w- c:\users\jULiO\AppData\Roaming\DivX
2011-07-28 19:52 . 2011-07-28 19:52 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-07-28 19:52 . 2011-07-28 19:52 -------- d-----w- c:\program files\DivX
2011-07-28 19:51 . 2011-07-28 19:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-07-28 19:06 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-28 06:09 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-28 06:09 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-07-28 06:09 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-07-28 06:09 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-28 06:09 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-28 06:09 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-28 06:09 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-07-28 06:06 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-28 06:06 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-28 06:06 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-28 06:06 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-28 06:06 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-28 06:06 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-28 06:06 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-07-28 06:06 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-07-28 06:05 . 2011-08-05 22:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-07-21 05:17 . 2011-07-21 05:17 -------- d-----w- c:\users\jULiO\AppData\Roaming\NetMedia Providers
2011-07-21 04:14 . 2011-07-21 04:14 -------- d-----w- c:\users\jULiO\AppData\Roaming\Publish Providers
2011-07-21 04:11 . 2011-07-21 04:11 -------- d-----w- c:\program files\Vstplugins
2011-07-18 00:11 . 2011-07-18 00:11 -------- d-----w- c:\users\jULiO\AppData\Local\PackageAware
2011-07-14 01:13 . 2011-07-21 04:09 -------- d-----w- c:\program files\Sony Setup
2011-07-14 01:10 . 2011-07-21 04:12 -------- d-----w- c:\users\jULiO\AppData\Local\Sony
2011-07-14 01:09 . 2011-07-21 04:11 -------- d-----w- c:\program files\Sony
2011-07-14 01:08 . 2011-07-21 05:17 -------- d-----w- c:\users\jULiO\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 01:14 . 2009-10-26 06:13 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-03-06 915512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\users\jULiO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-6-29 477736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-06-18 398848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-08-06 14336]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-12-01 31312]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2010-07-08 318464]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2010-07-08 51456]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\Clearwire\Connection Manager\ConAppsSvc.exe [2010-09-01 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [2010-09-01 120144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 136176]
R3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-02-02 20848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-09-01 107856]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 13312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 20:07]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 20:07]
.
2011-01-24 c:\windows\Tasks\Norton Security Scan for jULiO.job
- c:\progra~1\NORTON~2\Engine\273~1.34\Nss.exe [2010-11-13 08:51]
.
2009-10-07 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: netzero.com
Trusted Zone: netzero.net
TCP: DhcpNameServer = 192.168.15.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 23:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-09 23:33:31
ComboFix-quarantined-files.txt 2011-08-10 05:33
ComboFix2.txt 2011-08-07 03:05
.
Pre-Run: 213,927,645,184 bytes free
Post-Run: 214,078,545,920 bytes free
.
- - End Of File - - A7D82E525E9396B5ED68B826A8F0D509