Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Freezes and/or bluescreen viruses [Closed]

Started by Krazo , Aug 15 2011 08:59 AM

  • This topic is locked This topic is locked

#1
Krazo
Posted 15 August 2011 - 08:59 AM

Krazo

    Member

  • Member
  • PipPip
  • 13 posts
My Dell laptop computer has been playing up lately when I turn it on with the power cord plugged in it will freeze within minutes of starting up and sometimes will go to a bluescreen. If I am watch movies on the internet e.g. youtube it will sometimes stay on longer and eventually go to a bluescreen (very rarely will it freeze with watching an internet movie). I tried to do a system restore which worked until I reactivated my licence on my antivirus then it all started again. When however if I don't plug it in it doesn’t freeze or bluescreen until lately. I recently payed some on to fix my computer and it didn't keep freezing but it was slower than before then after I plugged my USB storage device back in my computer started showing the exact same symptoms as before again but even slower. I then formatted my USB storage device hopefully getting rid of the virus on the USB. I have uTorrent but one of my friends told me that was probably where I was getting the viruses from (it started just after I installed it) but when I tried to delete uTorrent it wouldn't let me, so anything you could recommend in respect of destroying the viruses, speeding up my computer and deleting uTorrent (shouldn't be too hard it just says I don't have permission to delete it) would be much appreciated.

P.S. it also used to show error cods but they have stopped, they had something to do with system 32 and not being able to read image

P.P.S. also my memory keeps getting used up i used to have 35-40gb that i had used of my computers memory and now it is 61 and i haven't installed or downloaded anything.


OTL logfile created on: 15/08/2011 11:17:05 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\vincent\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.40% Memory free
4.22 Gb Paging File | 1.94 Gb Available in Paging File | 45.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.49 Gb Total Space | 75.05 Gb Free Space | 54.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.95 Gb Free Space | 49.51% Space Free | Partition Type: NTFS
Drive F: | 3.82 Gb Total Space | 1.89 Gb Free Space | 49.34% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/15 23:15:57 | 000,579,584 | ---- | M] () -- C:\Users\vincent\Desktop\OTL.exe
PRC - [2011/07/03 00:32:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/05/29 08:46:50 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/12/15 00:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/14 09:39:08 | 001,078,560 | ---- | M] () -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/12 21:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 18:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 16:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 16:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 16:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 16:49:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/15 23:15:57 | 000,579,584 | ---- | M] () -- C:\Users\vincent\Desktop\OTL.exe
MOD - [2011/08/06 12:21:25 | 000,400,440 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
MOD - [2011/08/06 12:21:24 | 004,118,072 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\13.0.782.112\pdf.dll
MOD - [2011/08/06 12:19:58 | 000,104,520 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\13.0.782.112\avutil-50.dll
MOD - [2011/08/06 12:19:56 | 000,203,848 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\13.0.782.112\avformat-52.dll
MOD - [2011/08/06 12:19:55 | 001,846,344 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\13.0.782.112\avcodec-52.dll
MOD - [2011/08/06 10:29:30 | 006,338,720 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\13.0.782.112\gcswf32.dll
MOD - [2011/08/06 10:29:30 | 006,338,720 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\APPLIC~1\130782~1.112\gcswf32.dll
MOD - [2011/06/23 23:55:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll
MOD - [2011/06/23 23:50:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll
MOD - [2011/06/23 23:50:18 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2009/09/05 01:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 23:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 23:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2006/11/03 19:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 19:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/01/14 09:39:08 | 001,078,560 | ---- | M] () [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/06/29 18:31:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/01/14 09:39:06 | 000,072,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2008/03/06 17:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/28 06:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/11/12 21:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/07 16:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 02:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 02:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 02:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 15:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 15:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/13 19:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/02 17:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 17:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vincent\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vincent\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/14 02:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/14 02:09:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\NetDog\netd.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\NetDog\netd.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O24 - Desktop WallPaper: C:\Users\vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell - "" = AutoRun
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\log\command - "" = G:\goodies\machine\machine.exe -l
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\machine\command - "" = G:\goodies\machine\machine.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\patch\command - "" = G:\goodies\patch\patch2.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/15 22:58:57 | 000,000,000 | ---D | C] -- C:\Users\vincent\Desktop\Harry.Potter.And.The.Deathly.Hallows.Part.1.2010.BRRip.XviD.AC3-KiNGS
[2011/08/11 23:47:22 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\etax2011
[2011/08/11 23:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\etax2011
[2011/08/09 19:35:43 | 000,000,000 | -HSD | C] -- C:\found.011
[2011/08/07 23:19:39 | 000,000,000 | ---D | C] -- C:\Users\vincent\Desktop\Skrillex
[2011/08/07 03:19:08 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Fastest Free YouTube Downloader
[2011/08/01 09:11:13 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Users\vincent\Desktop\avg_free_stb_all_2011_1390_cnet.exe
[2011/07/17 02:06:37 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Mozilla
[2010/05/21 20:57:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\vincent\AppData\Roaming\pcouffin.sys
[2008/04/03 03:28:22 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2008/04/03 03:28:22 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/15 23:20:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-432222374-1183367405-199368062-1000UA.job
[2011/08/15 23:15:57 | 000,579,584 | ---- | M] () -- C:\Users\vincent\Desktop\OTL.exe
[2011/08/15 22:28:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 22:28:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 20:27:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/15 04:20:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-432222374-1183367405-199368062-1000Core.job
[2011/08/14 22:06:54 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 21:47:11 | 004,174,985 | ---- | M] () -- C:\Users\vincent\Desktop\Till I Collapse (Filth Dubstep Remix).mp3
[2011/08/11 16:58:28 | 074,370,904 | ---- | M] () -- C:\Users\vincent\Desktop\I'm Not Afraid (Remix) acc.wav
[2011/08/10 04:35:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/08 01:41:47 | 010,107,012 | ---- | M] () -- C:\Users\vincent\Desktop\Numb - H320 ( Dubstep Remix ).mp3
[2011/08/07 04:16:41 | 006,153,646 | ---- | M] () -- C:\Users\vincent\Desktop\RHYNO - Ambivalence (Dubstep).mp3
[2011/08/07 03:53:24 | 006,405,052 | ---- | M] () -- C:\Users\vincent\Desktop\Kanye West - Stronger.mp3
[2011/08/07 03:08:40 | 113,584,394 | ---- | M] () -- C:\Users\vincent\Desktop\Things.7z
[2011/08/02 21:54:14 | 000,068,092 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/08/01 21:47:25 | 126,462,054 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/01 16:10:09 | 343,497,038 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/01 09:11:20 | 005,570,000 | ---- | M] (AVG Technologies) -- C:\Users\vincent\Desktop\avg_free_stb_all_2011_1390_cnet.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/15 23:15:53 | 000,579,584 | ---- | C] () -- C:\Users\vincent\Desktop\OTL.exe
[2011/08/14 01:44:11 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/11 21:36:26 | 004,174,985 | ---- | C] () -- C:\Users\vincent\Desktop\Till I Collapse (Filth Dubstep Remix).mp3
[2011/08/11 16:47:22 | 074,370,904 | ---- | C] () -- C:\Users\vincent\Desktop\I'm Not Afraid (Remix) acc.wav
[2011/08/07 22:52:23 | 010,107,012 | ---- | C] () -- C:\Users\vincent\Desktop\Numb - H320 ( Dubstep Remix ).mp3
[2011/08/07 03:04:56 | 113,584,394 | ---- | C] () -- C:\Users\vincent\Desktop\Things.7z
[2011/08/07 02:09:46 | 006,153,646 | ---- | C] () -- C:\Users\vincent\Desktop\RHYNO - Ambivalence (Dubstep).mp3
[2011/08/07 02:07:10 | 006,405,052 | ---- | C] () -- C:\Users\vincent\Desktop\Kanye West - Stronger.mp3
[2011/08/01 10:47:39 | 343,497,038 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/08 15:22:18 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/12/08 15:22:18 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BXD2140.DAT
[2010/09/14 08:32:57 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2010/09/14 08:32:57 | 000,000,039 | ---- | C] () -- C:\Windows\MYOB.INI
[2010/09/14 08:32:03 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2010/09/14 08:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2010/09/14 08:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2010/05/21 21:00:58 | 000,001,189 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\vso_ts_preview.xml
[2010/05/21 20:57:12 | 000,087,608 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\inst.exe
[2010/05/21 20:57:12 | 000,007,887 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\pcouffin.cat
[2010/05/21 20:57:12 | 000,001,144 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\pcouffin.inf
[2009/11/27 23:19:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/09/27 15:11:33 | 000,000,164 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\default.rss
[2009/09/24 12:07:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 12:07:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/14 08:51:26 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/28 09:52:13 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009/04/15 17:55:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/04/15 17:55:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/04/05 15:33:50 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/14 09:39:06 | 000,072,992 | ---- | C] () -- C:\Windows\System32\drivers\bckd.sys
[2008/12/14 06:13:48 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wins4f.dll
[2008/12/14 06:13:42 | 000,164,864 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2008/11/13 03:03:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/09/30 15:13:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/25 13:20:57 | 000,113,080 | ---- | C] () -- C:\ProgramData\BMcda75ccf.xml
[2008/09/25 13:20:57 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/07/16 20:30:30 | 000,000,192 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\wklnhst.dat
[2008/04/13 23:32:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/13 20:38:27 | 000,006,648 | ---- | C] () -- C:\Users\vincent\AppData\Local\d3d9caps.dat
[2008/04/11 20:43:55 | 000,114,688 | ---- | C] () -- C:\Users\vincent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/03 03:28:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/04/03 03:28:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/04/03 03:28:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/04/03 03:28:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/04/03 03:28:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/04/03 03:28:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/02 19:45:45 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/04/02 19:34:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/11 08:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 22:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:44:53 | 003,647,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:33:01 | 002,225,022 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,939,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ctreestd.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/12/14 00:16:20 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Audacity
[2011/03/05 01:43:48 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\AVG
[2010/12/14 23:00:15 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\AVG10
[2011/02/25 01:54:18 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\BitTorrent
[2009/04/15 21:13:39 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Blitware
[2010/06/29 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DAEMON Tools Lite
[2010/06/29 08:18:55 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DAEMON Tools Pro
[2010/11/10 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DriverCure
[2011/06/10 00:01:25 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\f-secure
[2011/08/07 03:19:08 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Fastest Free YouTube Downloader
[2010/05/23 11:13:42 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\FreeBurner
[2011/08/10 02:19:26 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Opera
[2010/11/10 17:56:45 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\ParetoLogic
[2010/07/26 17:55:33 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Solveig Multimedia
[2010/08/10 00:29:26 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2008/07/16 20:30:31 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Template
[2010/05/23 10:17:30 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\tmp
[2011/08/15 23:24:44 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\uTorrent
[2010/05/21 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Vso
[2011/08/10 04:35:43 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6971CCC5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
  • 0

Advertisements

#2
havredave
Posted 23 August 2011 - 01:01 PM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Hi, welcome to GeeksToGo! I'm havredave, and I'll do my best to help you fix whatever it is that ails your computer.

Just a few things before we begin, to ease the process on both of us:
  • Please don't run any scanning or cleaning software without my direction, as it can make things worse and take longer in the long run.
  • Please be patient. A good cleaning can take quite a while, and usually involves many steps before it is complete. I may not post back quickly, because I often have to research issues or run ideas by my peers for a more thorough fix. Also, I'm currently still in training, so there may be a longer than normal pause between my posts as I get expert feedback and permission to post each fix.
  • You may wish to print out each instruction post in case you lose Internet connectivity (using safe mode, for example), so you can complete the fix.
  • If you have any question on any step, or if something doesn't work as described, please stop and ask before we proceed. Better safe than sorry!
  • Please paste your logs into your replies instead of attaching them. This makes it far easier to review. Feel free to use multiple replies if you need to.
  • Please stick with me until I let you know we're finished. Even if the machine is running better, it doesn't mean it's clean.

As it's been a while since your scans were done, please do the following to generate some fresh ones for me:

First:

Download a new copy of OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy the text from the codeblock below (ctrl-c) and paste it (ctrl-v) into the Custom Scans/Fixes box.

    netsvcs
%SYSTEMDRIVE%\*.exe
%USERPROFILE%\..|smtmp;true;true;true /FP
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
volsnap.sys
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Put a checkmark in the Scan All Users checkbox.
  • Put checkmarks in the LOP Check and Purity Check checkboxes.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic



Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

If it asks you to download virus definitions, please say yes.

Click the "Scan" button to start scan. It could take a while, especially for the virus scan part. Do not let it fix anything, just do the scan.
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Essexboy
Posted 31 August 2011 - 11:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
Essexboy
Posted 08 October 2011 - 03:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:) User returned

To ensure that you are notified of replies, click options at the bottom and ensure that enable of e-mail notification is ticked :yes:

[attachment=52845:Capture.GIF]
  • 0

#5
Krazo
Posted 09 October 2011 - 01:18 PM

Krazo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi, havredave,
I ran those test that you wanted me to and there was no Extras.Txt for OTL scan (ran it twice and didn't come up either time) but here are the rsults for the other scans

OTL.Txt


OTL logfile created on: 10/10/2011 3:19:27 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\vincent\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.12% Memory free
4.22 Gb Paging File | 2.58 Gb Available in Paging File | 61.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.49 Gb Total Space | 74.14 Gb Free Space | 54.32% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.43 Gb Free Space | 44.29% Space Free | Partition Type: NTFS
Drive F: | 7.20 Gb Total Space | 7.08 Gb Free Space | 98.25% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 02:48:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/07/14 10:20:02 | 000,033,792 | ---- | M] (Roozz.com) -- C:\Program Files\Roozz\RoozzHelper.exe
PRC - [2011/07/03 00:32:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/12/15 00:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/14 09:39:08 | 001,078,560 | ---- | M] () -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/12 21:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 18:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 16:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 16:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 16:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 16:49:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/02 05:24:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll
MOD - [2011/09/01 16:04:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll
MOD - [2011/09/01 16:04:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2009/09/05 01:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 23:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 23:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe
MOD - [2006/11/03 19:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 19:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/07/14 10:20:02 | 000,033,792 | ---- | M] (Roozz.com) [Auto | Running] -- C:\Program Files\Roozz\RoozzHelper.exe -- (Roozz Helper)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/14 09:39:08 | 001,078,560 | ---- | M] () [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/06/29 18:31:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/01/14 09:39:06 | 000,072,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2008/03/06 17:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/28 06:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/11/12 21:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/07 16:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 02:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 02:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 02:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 15:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 15:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/13 19:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/02 17:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 17:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-432222374-1183367405-199368062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1000\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - No CLSID value found
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-432222374-1183367405-199368062-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=au&ibd=0080402
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=0080402
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-432222374-1183367405-199368062-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Roozz.com/RoozzPlugin: C:\Program Files\Roozz\nproozz.dll (Roozz.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/14 02:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/20 01:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/09/27 13:35:57 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Roozz plugin (Enabled) = C:\Program Files\Roozz\nproozz.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AVG Safe Search = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-432222374-1183367405-199368062-1001\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-432222374-1183367405-199368062-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-432222374-1183367405-199368062-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-432222374-1183367405-199368062-1001\..\Toolbar\WebBrowser: (no name) - {D1E06B91-60E6-4492-AF9F-53043FA32716} - No CLSID value found.
O3 - HKU\S-1-5-21-432222374-1183367405-199368062-1001\..\Toolbar\WebBrowser: (no name) - {FFA0793E-3980-4BE4-8234-048FA665F700} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-432222374-1183367405-199368062-1000..\Run: [F.lux] C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-432222374-1183367405-199368062-1001..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-432222374-1183367405-199368062-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-432222374-1183367405-199368062-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-432222374-1183367405-199368062-1001..\RunOnce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\NetDog\netd.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\NetDog\netd.dll ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-432222374-1183367405-199368062-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-432222374-1183367405-199368062-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-432222374-1183367405-199368062-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-432222374-1183367405-199368062-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD920C4A-0564-4993-B065-50F371B06390}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/18 22:08:18 | 000,014,791 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell - "" = AutoRun
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\log\command - "" = G:\goodies\machine\machine.exe -l
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\machine\command - "" = G:\goodies\machine\machine.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\patch\command - "" = G:\goodies\patch\patch2.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 02:48:26 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
[2011/10/09 05:12:00 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2011/10/09 05:11:57 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\Apps
[2011/10/09 01:45:59 | 000,000,000 | ---D | C] -- C:\Users\vincent\.IBot
[2011/09/29 15:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/22 01:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/09/22 01:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/09/22 01:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/09/21 18:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/09/21 18:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/09/20 22:41:56 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Mozilla
[2011/09/19 23:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Profibot
[2011/09/18 02:12:58 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Bandoo
[2011/09/18 01:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profibot
[2011/09/18 01:22:54 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\Ilivid Player
[2011/09/18 01:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011/09/18 01:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bandoo
[2011/09/18 01:21:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
[2011/09/18 01:20:12 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\PackageAware
[2010/05/21 20:57:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\vincent\AppData\Roaming\pcouffin.sys
[2008/04/03 03:28:22 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2008/04/03 03:28:22 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[4 C:\Users\vincent\AppData\Roaming\*.tmp files -> C:\Users\vincent\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 02:53:09 | 000,047,956 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia.jpg
[2011/10/10 02:49:30 | 003,042,537 | ---- | M] () -- C:\Users\vincent\Desktop\Things.7z
[2011/10/10 02:48:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
[2011/10/10 02:34:51 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-432222374-1183367405-199368062-1000UA.job
[2011/10/10 02:34:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-432222374-1183367405-199368062-1000Core.job
[2011/10/10 02:32:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 02:32:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/10/09 14:32:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/07 20:29:37 | 000,000,656 | ---- | M] () -- C:\Users\vincent\Desktop\bioBot.lnk
[2011/10/06 05:11:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/10/05 08:37:14 | 000,036,663 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia 2.jpg
[2011/10/04 09:27:47 | 008,078,878 | ---- | M] () -- C:\Users\vincent\Desktop\LMFAO - Sexy and I Know It.mp3
[2011/10/02 16:05:51 | 000,383,015 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia.psd
[2011/09/30 13:18:06 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/29 15:00:00 | 021,073,936 | ---- | M] () -- C:\Users\vincent\Documents\vlc-1.1.11-win32.exe
[2011/09/28 00:44:51 | 000,157,539 | ---- | M] () -- C:\Users\vincent\Desktop\map for aod.jpg
[2011/09/22 01:48:53 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/09/20 23:10:47 | 008,103,093 | ---- | M] () -- C:\Users\vincent\Desktop\Adele-Rolling In The Deep (Proximas Remix).mp3
[2011/09/20 03:25:04 | 008,012,833 | ---- | M] () -- C:\Users\vincent\Desktop\Adele vs. Skrillex - Set Fire To Everybody.mp3
[2011/09/19 23:40:21 | 000,188,416 | ---- | M] () -- C:\Users\vincent\AppData\Roaming\chrtmp
[4 C:\Users\vincent\AppData\Roaming\*.tmp files -> C:\Users\vincent\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 02:49:25 | 003,042,537 | ---- | C] () -- C:\Users\vincent\Desktop\Things.7z
[2011/10/07 20:29:37 | 000,000,656 | ---- | C] () -- C:\Users\vincent\Desktop\bioBot.lnk
[2011/10/05 08:36:35 | 000,036,663 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia 2.jpg
[2011/10/04 03:02:05 | 008,078,878 | ---- | C] () -- C:\Users\vincent\Desktop\LMFAO - Sexy and I Know It.mp3
[2011/10/02 03:33:11 | 000,383,015 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia.psd
[2011/10/02 03:18:21 | 000,047,956 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia.jpg
[2011/09/29 14:59:20 | 021,073,936 | ---- | C] () -- C:\Users\vincent\Documents\vlc-1.1.11-win32.exe
[2011/09/28 00:44:48 | 000,157,539 | ---- | C] () -- C:\Users\vincent\Desktop\map for aod.jpg
[2011/09/21 18:18:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/21 18:14:36 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/09/20 03:24:38 | 008,012,833 | ---- | C] () -- C:\Users\vincent\Desktop\Adele vs. Skrillex - Set Fire To Everybody.mp3
[2011/09/20 03:23:49 | 008,103,093 | ---- | C] () -- C:\Users\vincent\Desktop\Adele-Rolling In The Deep (Proximas Remix).mp3
[2011/09/18 01:49:35 | 000,188,416 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\chrtmp
[2010/12/08 15:22:18 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/12/08 15:22:18 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BXD2140.DAT
[2010/09/14 08:32:57 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2010/09/14 08:32:57 | 000,000,039 | ---- | C] () -- C:\Windows\MYOB.INI
[2010/09/14 08:32:03 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2010/09/14 08:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2010/09/14 08:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2010/05/21 21:00:58 | 000,001,189 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\vso_ts_preview.xml
[2010/05/21 20:57:12 | 000,087,608 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\inst.exe
[2010/05/21 20:57:12 | 000,007,887 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\pcouffin.cat
[2010/05/21 20:57:12 | 000,001,144 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\pcouffin.inf
[2009/11/27 23:19:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/09/27 15:11:33 | 000,000,164 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\default.rss
[2009/09/24 12:07:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 12:07:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/14 08:51:26 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/28 09:52:13 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009/04/15 17:55:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/04/15 17:55:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/04/05 15:33:50 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/14 09:39:06 | 000,072,992 | ---- | C] () -- C:\Windows\System32\drivers\bckd.sys
[2008/12/14 06:13:48 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wins4f.dll
[2008/12/14 06:13:42 | 000,164,864 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2008/11/13 03:03:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/09/30 15:13:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/25 13:20:57 | 000,113,080 | ---- | C] () -- C:\ProgramData\BMcda75ccf.xml
[2008/09/25 13:20:57 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/07/16 20:30:30 | 000,000,192 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\wklnhst.dat
[2008/04/13 23:32:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/13 20:38:27 | 000,006,648 | ---- | C] () -- C:\Users\vincent\AppData\Local\d3d9caps.dat
[2008/04/11 20:43:55 | 000,114,688 | ---- | C] () -- C:\Users\vincent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/03 03:28:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/04/03 03:28:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/04/03 03:28:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/04/03 03:28:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/04/03 03:28:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/04/03 03:28:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/02 19:45:45 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/04/02 19:34:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/11 08:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 22:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:44:53 | 003,647,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:33:01 | 002,225,022 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,939,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ctreestd.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/12/14 00:16:20 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Audacity
[2011/03/05 01:43:48 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\AVG
[2010/12/14 23:00:15 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\AVG10
[2011/09/18 02:12:58 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Bandoo
[2011/02/25 01:54:18 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\BitTorrent
[2009/04/15 21:13:39 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Blitware
[2010/06/29 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DAEMON Tools Lite
[2010/06/29 08:18:55 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DAEMON Tools Pro
[2010/11/10 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DriverCure
[2011/06/10 00:01:25 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\f-secure
[2011/08/07 03:19:08 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Fastest Free YouTube Downloader
[2010/05/23 11:13:42 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\FreeBurner
[2011/08/10 02:19:26 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Opera
[2010/11/10 17:56:45 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\ParetoLogic
[2010/07/26 17:55:33 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Solveig Multimedia
[2010/08/10 00:29:26 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2008/07/16 20:30:31 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Template
[2010/05/23 10:17:30 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\tmp
[2011/08/28 03:49:27 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\uTorrent
[2010/05/21 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Vso
[2010/12/28 11:42:46 | 000,000,000 | ---D | M] -- C:\Users\Vincent_2\AppData\Roaming\AVG10
[2011/10/09 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/10/06 05:11:04 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/09/21 13:19:31 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 13:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/04/03 03:19:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/04/03 03:19:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 12:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 19:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 17:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 19:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 17:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 17:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 17:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 17:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 19:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 19:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/04/18 16:24:08 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/04/18 16:24:09 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/04/18 16:24:09 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 17:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 17:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 19:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 17:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 16:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/05/25 21:51:21 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/05/25 21:51:21 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/05/25 21:51:21 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/05/25 21:51:21 | 000,941,936 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 17:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 16:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/05/25 21:51:21 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/05/25 21:51:21 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/05/25 21:51:21 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/05/25 21:51:21 | 000,941,936 | ---- | M] (Opera Software)

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6971CCC5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >




aswMBR.Txt

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-10 04:41:08
-----------------------------
04:41:08.171 OS Version: Windows 6.0.6002 Service Pack 2
04:41:08.171 Number of processors: 2 586 0xF0D
04:41:08.173 ComputerName: HOME-PC UserName: vincent
04:41:11.990 Initialize success
04:55:26.839 AVAST engine defs: 11100901
04:56:49.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
04:56:49.746 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
04:56:51.773 Disk 0 MBR read successfully
04:56:51.778 Disk 0 MBR scan
04:56:51.790 Disk 0 Windows VISTA default MBR code
04:56:51.801 Disk 0 scanning sectors +312578048
04:56:51.907 Disk 0 scanning C:\Windows\system32\drivers
04:57:07.158 Service scanning
04:57:08.695 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
04:57:09.403 Modules scanning
04:57:21.356 Disk 0 trace - called modules:
04:57:21.432 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spjc.sys hal.dll >>UNKNOWN [0x84dc4938]<<
04:57:21.441 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863bdac8]
04:57:21.817 3 CLASSPNP.SYS[881a68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84ea0030]
04:57:23.102 AVAST engine scan C:\Windows
04:57:26.252 AVAST engine scan C:\Windows\system32
05:00:44.166 AVAST engine scan C:\Windows\system32\drivers
05:01:16.144 AVAST engine scan C:\Users\vincent
05:04:26.595 File: C:\Users\vincent\AppData\Roaming\1D73.tmp **INFECTED** Win32:IRCBot-EAA [Trj]
05:04:26.792 File: C:\Users\vincent\AppData\Roaming\4D0B.tmp **INFECTED** Win32:VB-YJN [Trj]
05:04:26.926 File: C:\Users\vincent\AppData\Roaming\52D1.tmp **INFECTED** Win32:VB-YJN [Trj]
05:04:27.086 File: C:\Users\vincent\AppData\Roaming\ADDB.tmp **INFECTED** Win32:VB-YJN [Trj]
05:06:28.734 AVAST engine scan C:\ProgramData
05:10:36.268 Scan finished successfully
05:12:36.024 Disk 0 MBR has been saved successfully to "C:\Users\vincent\Desktop\MBR.dat"
05:12:36.041 The log file has been saved successfully to "C:\Users\vincent\Desktop\aswMBR.txt"
  • 0

#6
havredave
Posted 10 October 2011 - 09:10 AM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Hi there :)

Let me get myself re-acquainted with what's going on, and we'll get moving on your fix again. I should post later today!
  • 0

#7
havredave
Posted 10 October 2011 - 10:34 AM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
For the extras.txt I'm after, I actually didn't give you the right option to click in OTL. Please do this, which will give me a fresh OTL.txt and an Extras.txt:

Download OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the "Use Safe List" radio button in the Extra Registry section.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

I have other things I'd like you to do as well, but I need to get them cleared first. :)
  • 0

#8
Krazo
Posted 11 October 2011 - 02:10 AM

Krazo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ok well i did that and here are the results

OTL.Txt






OTL logfile created on: 11/10/2011 5:51:25 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\vincent\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.58% Memory free
4.22 Gb Paging File | 2.59 Gb Available in Paging File | 61.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.49 Gb Total Space | 73.51 Gb Free Space | 53.85% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.42 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
Drive F: | 7.20 Gb Total Space | 7.08 Gb Free Space | 98.25% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/11 17:48:21 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/07/14 10:20:02 | 000,033,792 | ---- | M] (Roozz.com) -- C:\Program Files\Roozz\RoozzHelper.exe
PRC - [2011/07/03 00:32:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/12/15 00:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/14 09:39:08 | 001,078,560 | ---- | M] () -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/12 21:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 18:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 16:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 16:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 16:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 16:49:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/02 05:24:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll
MOD - [2011/09/01 16:04:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll
MOD - [2011/09/01 16:04:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/02/22 04:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\zlib1.dll
MOD - [2009/09/05 01:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 23:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 23:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe
MOD - [2006/11/03 19:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 19:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/07/14 10:20:02 | 000,033,792 | ---- | M] (Roozz.com) [Auto | Running] -- C:\Program Files\Roozz\RoozzHelper.exe -- (Roozz Helper)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/14 09:39:08 | 001,078,560 | ---- | M] () [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/06/29 18:31:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/01/14 09:39:06 | 000,072,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2008/03/06 17:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/28 06:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/11/12 21:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/07 16:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 02:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 02:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 02:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 15:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 15:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/13 19:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/02 17:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 17:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Roozz.com/RoozzPlugin: C:\Program Files\Roozz\nproozz.dll (Roozz.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/14 02:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/20 01:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/09/27 13:35:57 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Roozz plugin (Enabled) = C:\Program Files\Roozz\nproozz.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AVG Safe Search = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\NetDog\netd.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\NetDog\netd.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD920C4A-0564-4993-B065-50F371B06390}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/18 22:08:18 | 000,014,791 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell - "" = AutoRun
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\log\command - "" = G:\goodies\machine\machine.exe -l
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\machine\command - "" = G:\goodies\machine\machine.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\patch\command - "" = G:\goodies\patch\patch2.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 17:48:17 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
[2011/10/10 04:51:32 | 000,000,000 | ---D | C] -- C:\Users\vincent\Desktop\Things
[2011/10/10 04:38:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\vincent\Desktop\aswMBR.exe
[2011/10/09 05:12:00 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2011/10/09 05:11:57 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\Apps
[2011/10/09 01:45:59 | 000,000,000 | ---D | C] -- C:\Users\vincent\.IBot
[2011/09/29 15:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/22 01:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/09/22 01:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/09/22 01:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/09/21 18:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/09/21 18:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/09/20 22:41:56 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Mozilla
[2011/09/19 23:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Profibot
[2011/09/18 02:12:58 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Bandoo
[2011/09/18 01:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profibot
[2011/09/18 01:22:54 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\Ilivid Player
[2011/09/18 01:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011/09/18 01:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bandoo
[2011/09/18 01:21:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
[2011/09/18 01:20:12 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\PackageAware
[2010/05/21 20:57:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\vincent\AppData\Roaming\pcouffin.sys
[2008/04/03 03:28:22 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2008/04/03 03:28:22 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[4 C:\Users\vincent\AppData\Roaming\*.tmp files -> C:\Users\vincent\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/10/11 17:48:21 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
[2011/10/11 17:34:17 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-432222374-1183367405-199368062-1000UA.job
[2011/10/11 16:07:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 16:07:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 02:34:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-432222374-1183367405-199368062-1000Core.job
[2011/10/10 16:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 16:07:18 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 05:12:36 | 000,000,512 | ---- | M] () -- C:\Users\vincent\Desktop\MBR.dat
[2011/10/10 04:40:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\vincent\Desktop\aswMBR.exe
[2011/10/10 02:53:09 | 000,047,956 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia.jpg
[2011/10/10 02:49:30 | 003,042,537 | ---- | M] () -- C:\Users\vincent\Desktop\Things.7z
[2011/10/07 20:29:37 | 000,000,656 | ---- | M] () -- C:\Users\vincent\Desktop\bioBot.lnk
[2011/10/06 05:11:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/10/05 08:37:14 | 000,036,663 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia 2.jpg
[2011/10/04 09:27:47 | 008,078,878 | ---- | M] () -- C:\Users\vincent\Desktop\LMFAO - Sexy and I Know It.mp3
[2011/10/02 16:05:51 | 000,383,015 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia.psd
[2011/09/29 15:00:00 | 021,073,936 | ---- | M] () -- C:\Users\vincent\Documents\vlc-1.1.11-win32.exe
[2011/09/28 00:44:51 | 000,157,539 | ---- | M] () -- C:\Users\vincent\Desktop\map for aod.jpg
[2011/09/22 01:48:53 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/09/20 23:10:47 | 008,103,093 | ---- | M] () -- C:\Users\vincent\Desktop\Adele-Rolling In The Deep (Proximas Remix).mp3
[2011/09/20 03:25:04 | 008,012,833 | ---- | M] () -- C:\Users\vincent\Desktop\Adele vs. Skrillex - Set Fire To Everybody.mp3
[2011/09/19 23:40:21 | 000,188,416 | ---- | M] () -- C:\Users\vincent\AppData\Roaming\chrtmp
[4 C:\Users\vincent\AppData\Roaming\*.tmp files -> C:\Users\vincent\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 05:12:36 | 000,000,512 | ---- | C] () -- C:\Users\vincent\Desktop\MBR.dat
[2011/10/10 02:49:25 | 003,042,537 | ---- | C] () -- C:\Users\vincent\Desktop\Things.7z
[2011/10/07 20:29:37 | 000,000,656 | ---- | C] () -- C:\Users\vincent\Desktop\bioBot.lnk
[2011/10/05 08:36:35 | 000,036,663 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia 2.jpg
[2011/10/04 03:02:05 | 008,078,878 | ---- | C] () -- C:\Users\vincent\Desktop\LMFAO - Sexy and I Know It.mp3
[2011/10/02 03:33:11 | 000,383,015 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia.psd
[2011/10/02 03:18:21 | 000,047,956 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia.jpg
[2011/09/29 14:59:20 | 021,073,936 | ---- | C] () -- C:\Users\vincent\Documents\vlc-1.1.11-win32.exe
[2011/09/28 00:44:48 | 000,157,539 | ---- | C] () -- C:\Users\vincent\Desktop\map for aod.jpg
[2011/09/21 18:18:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/21 18:14:36 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/09/20 03:24:38 | 008,012,833 | ---- | C] () -- C:\Users\vincent\Desktop\Adele vs. Skrillex - Set Fire To Everybody.mp3
[2011/09/20 03:23:49 | 008,103,093 | ---- | C] () -- C:\Users\vincent\Desktop\Adele-Rolling In The Deep (Proximas Remix).mp3
[2011/09/18 01:49:35 | 000,188,416 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\chrtmp
[2010/12/08 15:22:18 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/12/08 15:22:18 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BXD2140.DAT
[2010/09/14 08:32:57 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2010/09/14 08:32:57 | 000,000,039 | ---- | C] () -- C:\Windows\MYOB.INI
[2010/09/14 08:32:03 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2010/09/14 08:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2010/09/14 08:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2010/05/21 21:00:58 | 000,001,189 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\vso_ts_preview.xml
[2010/05/21 20:57:12 | 000,087,608 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\inst.exe
[2010/05/21 20:57:12 | 000,007,887 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\pcouffin.cat
[2010/05/21 20:57:12 | 000,001,144 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\pcouffin.inf
[2009/11/27 23:19:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/09/27 15:11:33 | 000,000,164 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\default.rss
[2009/09/24 12:07:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 12:07:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/14 08:51:26 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/28 09:52:13 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009/04/15 17:55:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/04/15 17:55:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/04/05 15:33:50 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/14 09:39:06 | 000,072,992 | ---- | C] () -- C:\Windows\System32\drivers\bckd.sys
[2008/12/14 06:13:48 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wins4f.dll
[2008/12/14 06:13:42 | 000,164,864 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2008/11/13 03:03:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/09/30 15:13:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/25 13:20:57 | 000,113,080 | ---- | C] () -- C:\ProgramData\BMcda75ccf.xml
[2008/09/25 13:20:57 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/07/16 20:30:30 | 000,000,192 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\wklnhst.dat
[2008/04/13 23:32:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/13 20:38:27 | 000,006,648 | ---- | C] () -- C:\Users\vincent\AppData\Local\d3d9caps.dat
[2008/04/11 20:43:55 | 000,114,688 | ---- | C] () -- C:\Users\vincent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/03 03:28:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/04/03 03:28:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/04/03 03:28:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/04/03 03:28:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/04/03 03:28:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/04/03 03:28:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/02 19:45:45 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/04/02 19:34:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/11 08:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 22:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:44:53 | 003,647,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:33:01 | 002,225,022 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,939,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ctreestd.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6971CCC5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >





Extras.Txt







OTL Extras logfile created on: 11/10/2011 5:51:26 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\vincent\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.58% Memory free
4.22 Gb Paging File | 2.59 Gb Available in Paging File | 61.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.49 Gb Total Space | 73.51 Gb Free Space | 53.85% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.42 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
Drive F: | 7.20 Gb Total Space | 7.08 Gb Free Space | 98.25% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1078F3DE-3292-4777-9134-5CDCF16F8685}" = lport=3689 | protocol=6 | dir=in | name=ipod port1 |
"{D41DB8C1-F495-47E8-98C2-8BFC82A3741C}" = lport=5353 | protocol=17 | dir=in | name=ipod port 2 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B12A560-7FCB-43B5-A238-C4CDC3069455}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2EFFB10F-7F61-4EF0-B181-FE21A2E31152}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{32448828-E274-4252-A41E-20898F25268F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33878673-706B-47AA-B146-1518808099EC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3903DBAB-E2EF-4072-90A6-16B272E3219B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4CA46671-318B-4EC9-9297-7D2503891F37}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{51A23B30-075A-440C-BBF8-8D43A113A26D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{54CFA0A5-5A00-4BCA-8D1E-4577468EE151}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{56ADC2C7-6FDE-4506-973D-2C338FB4A2C2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5B3BFCD0-4E4A-4A0A-B84E-16BB4C4AE9DA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{5D2D4CE7-72A0-4109-8395-7E86F1A7A5AB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{66795FB0-90CF-497B-ADE9-AE29C8F09B23}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{668EF69C-9C01-4122-A08A-90A2F587651E}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{672E41EF-4B6F-4916-9B11-CA13AC9E54E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{69E97A2D-B021-4736-BCD5-825FE62C5160}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{6A8994FB-B8A7-4F18-A4BA-963C99574458}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6AF3B800-71E3-4B72-B121-092F61EF93D6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{7D31583C-8A4F-4655-8F51-6033C058B926}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{84C774BC-2EEB-47EC-BE35-74E9A8D621C0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{869116F8-01B7-4B36-A6C3-2726858551DC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{A00D1025-23A4-4817-A8FC-4DA5A19A6A54}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A014AF7D-5C24-4783-8D4E-70FA61E18164}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{AACF146E-9406-46DF-8C76-7DDE6699D6A8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{B3E7034A-D846-4C9E-A4A8-D196D4C365E2}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{B8480003-8C96-43A9-A888-D9F934F521D4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C1F7FB1F-2FE8-461A-B7A6-5A35FD80B7FB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D2C3265C-A523-4904-9B3B-EC646639CB29}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DE93756D-BBB5-48AA-85D6-C9DC3B4186B9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{28F26EB1-EBAB-48B8-AA26-FDA99DF33B1F}C:\users\vincent\desktop\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\users\vincent\desktop\starcraft\starcraft.exe |
"TCP Query User{4432444F-1E5F-489E-AC3B-E7E471E654AB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5334B0F3-A023-4BB4-B688-7DC38A0A956F}F:\nathan\starcraft\starcraft.exe" = protocol=6 | dir=in | app=f:\nathan\starcraft\starcraft.exe |
"TCP Query User{E3A615E7-8025-4B4F-BFCD-3BD0E7058410}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{F0DBC4FB-5BFE-4674-8B48-68169D8F8FB0}F:\nathan\lierox v0.56 pack 1.9\lierox.exe" = protocol=6 | dir=in | app=f:\nathan\lierox v0.56 pack 1.9\lierox.exe |
"UDP Query User{22B5F2A1-1C22-441D-ABCF-35503B10F918}C:\users\vincent\desktop\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\users\vincent\desktop\starcraft\starcraft.exe |
"UDP Query User{497F9130-6835-4B81-BDB5-D1A04B75A3B5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{566212D4-9C22-4B5B-ADA1-D779DADE964B}F:\nathan\lierox v0.56 pack 1.9\lierox.exe" = protocol=17 | dir=in | app=f:\nathan\lierox v0.56 pack 1.9\lierox.exe |
"UDP Query User{A5A3C76C-2516-4A7A-8EAB-8FB3354AF2D3}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{DAF3C788-7E4D-4459-B30C-2FB7AF3F3723}F:\nathan\starcraft\starcraft.exe" = protocol=17 | dir=in | app=f:\nathan\starcraft\starcraft.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C71F2873-3229-4A9E-A2A2-F14DCBF63F56}" = MYOB ODBC Direct v7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.288
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ComandoMPDDeinstKey" = Commandos, Beyond the Call of Duty
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Defraggler" = Defraggler
"Dell PC Fax" = Dell PC Fax
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Freecorder4.1" = Freecorder
"Google Desktop" = Google Desktop
"Graph_is1" = Graph 4.3
"InstallShield_{C71F2873-3229-4A9E-A2A2-F14DCBF63F56}" = MYOB ODBC Direct v7
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NetDog_IS" = NetDog
"Opera 11.11.2109" = Opera 11.11
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.85
"Roozz plugin_is1" = Roozz plugin 2.5.2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Wisdom-soft ScreenHunter 4.0 Free" = Wisdom-soft ScreenHunter 4.0 Free

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/01/2011 10:49:07 AM | Computer Name = home-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 6/01/2011 10:49:07 AM | Computer Name = home-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 6/01/2011 10:49:07 AM | Computer Name = home-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 6/01/2011 10:49:08 AM | Computer Name = home-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 6/01/2011 10:49:08 AM | Computer Name = home-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 6/01/2011 10:49:08 AM | Computer Name = home-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 6/01/2011 10:49:08 AM | Computer Name = home-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 6/01/2011 10:49:08 AM | Computer Name = home-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 8/01/2011 11:02:16 AM | Computer Name = home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x1358, application start time
0x01cbaf4355a148de.

Error - 8/01/2011 12:13:44 PM | Computer Name = home-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 29/09/2011 11:23:12 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/10/2011 11:09:35 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 5/10/2011 9:12:34 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/10/2011 1:45:37 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/10/2011 9:32:20 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10/10/2011 2:07:43 AM | Computer Name = home-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:29:46 AM on 10/10/2011 was unexpected.

Error - 10/10/2011 2:08:53 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2011 2:08:53 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2011 2:08:53 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/10/2011 2:13:11 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >
  • 0

#9
havredave
Posted 11 October 2011 - 08:54 AM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Thanks for getting those to me. I have a few things for you to do today that will get us started, and we'll see where it takes us.

First

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




Next

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6971CCC5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell - "" = AutoRun
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\log\command - "" = G:\goodies\machine\machine.exe -l
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\machine\command - "" = G:\goodies\machine\machine.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\patch\command - "" = G:\goodies\patch\patch2.exe
O33 - MountPoints2\{42e92479-8369-11df-8154-001f3ae3c0e3}\Shell\setup\command - "" = G:\setup.exe

:Files
C:\Users\vincent\AppData\Roaming\1D73.tmp
C:\Users\vincent\AppData\Roaming\4D0B.tmp
C:\Users\vincent\AppData\Roaming\52D1.tmp
C:\Users\vincent\AppData\Roaming\ADDB.tmp

:Commands
[resethosts]
[emptyflash]
[purity]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Please post back with the new OTL.txt and the log from TDSSKiller, plus your thoughts about the machine's performance and any oddities you're still noticing.
  • 0

#10
Krazo
Posted 11 October 2011 - 10:40 PM

Krazo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
No thank you for helping me out with my computer problem

ok well the first one went fine and the computer didn't reboot

TDSSKiller.2.6.7.0_12.10.2011_02.34.35_log.txt





02:34:35.0138 4604 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
02:34:36.0365 4604 ============================================================
02:34:36.0365 4604 Current date / time: 2011/10/12 02:34:36.0365
02:34:36.0366 4604 SystemInfo:
02:34:36.0366 4604
02:34:36.0366 4604 OS Version: 6.0.6002 ServicePack: 2.0
02:34:36.0366 4604 Product type: Workstation
02:34:36.0366 4604 ComputerName: HOME-PC
02:34:36.0367 4604 UserName: vincent
02:34:36.0367 4604 Windows directory: C:\Windows
02:34:36.0367 4604 System windows directory: C:\Windows
02:34:36.0367 4604 Processor architecture: Intel x86
02:34:36.0367 4604 Number of processors: 2
02:34:36.0367 4604 Page size: 0x1000
02:34:36.0367 4604 Boot type: Normal boot
02:34:36.0367 4604 ============================================================
02:34:37.0777 4604 Initialize success
02:34:40.0992 2904 ============================================================
02:34:40.0993 2904 Scan started
02:34:40.0993 2904 Mode: Manual;
02:34:40.0993 2904 ============================================================
02:34:42.0111 2904 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
02:34:42.0121 2904 ACPI - ok
02:34:42.0294 2904 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
02:34:42.0318 2904 adp94xx - ok
02:34:42.0468 2904 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
02:34:42.0478 2904 adpahci - ok
02:34:42.0552 2904 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
02:34:42.0557 2904 adpu160m - ok
02:34:42.0651 2904 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
02:34:42.0657 2904 adpu320 - ok
02:34:42.0790 2904 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
02:34:42.0799 2904 AFD - ok
02:34:42.0928 2904 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
02:34:42.0931 2904 agp440 - ok
02:34:42.0996 2904 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
02:34:43.0001 2904 aic78xx - ok
02:34:43.0039 2904 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
02:34:43.0042 2904 aliide - ok
02:34:43.0072 2904 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
02:34:43.0075 2904 amdagp - ok
02:34:43.0103 2904 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
02:34:43.0105 2904 amdide - ok
02:34:43.0204 2904 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
02:34:43.0207 2904 AmdK7 - ok
02:34:43.0242 2904 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
02:34:43.0244 2904 AmdK8 - ok
02:34:43.0371 2904 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
02:34:43.0377 2904 ApfiltrService - ok
02:34:43.0512 2904 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
02:34:43.0516 2904 arc - ok
02:34:43.0596 2904 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
02:34:43.0600 2904 arcsas - ok
02:34:43.0711 2904 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys
02:34:43.0714 2904 ASPI32 - ok
02:34:43.0794 2904 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
02:34:43.0796 2904 AsyncMac - ok
02:34:43.0837 2904 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
02:34:43.0840 2904 atapi - ok
02:34:44.0053 2904 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
02:34:44.0058 2904 AVGIDSDriver - ok
02:34:44.0103 2904 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
02:34:44.0105 2904 AVGIDSEH - ok
02:34:44.0139 2904 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
02:34:44.0142 2904 AVGIDSFilter - ok
02:34:44.0171 2904 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
02:34:44.0174 2904 AVGIDSShim - ok
02:34:44.0242 2904 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
02:34:44.0250 2904 Avgldx86 - ok
02:34:44.0307 2904 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
02:34:44.0310 2904 Avgmfx86 - ok
02:34:44.0348 2904 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
02:34:44.0351 2904 Avgrkx86 - ok
02:34:44.0399 2904 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
02:34:44.0409 2904 Avgtdix - ok
02:34:44.0567 2904 bckd (ca52f010696f4548eb486c83b9b0a2b6) C:\Windows\system32\drivers\bckd.sys
02:34:44.0572 2904 bckd - ok
02:34:44.0672 2904 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
02:34:44.0674 2904 Beep - ok
02:34:44.0726 2904 blbdrive - ok
02:34:44.0817 2904 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
02:34:44.0821 2904 bowser - ok
02:34:44.0891 2904 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
02:34:44.0893 2904 BrFiltLo - ok
02:34:44.0923 2904 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
02:34:44.0925 2904 BrFiltUp - ok
02:34:44.0986 2904 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
02:34:44.0990 2904 Brserid - ok
02:34:45.0019 2904 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
02:34:45.0022 2904 BrSerWdm - ok
02:34:45.0089 2904 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
02:34:45.0091 2904 BrUsbMdm - ok
02:34:45.0117 2904 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
02:34:45.0120 2904 BrUsbSer - ok
02:34:45.0185 2904 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
02:34:45.0188 2904 BthEnum - ok
02:34:45.0273 2904 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
02:34:45.0276 2904 BTHMODEM - ok
02:34:45.0342 2904 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
02:34:45.0347 2904 BthPan - ok
02:34:45.0414 2904 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
02:34:45.0439 2904 BTHPORT - ok
02:34:45.0585 2904 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
02:34:45.0587 2904 BTHUSB - ok
02:34:45.0695 2904 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
02:34:45.0699 2904 btwaudio - ok
02:34:45.0754 2904 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
02:34:45.0758 2904 btwavdt - ok
02:34:45.0801 2904 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
02:34:45.0803 2904 btwrchid - ok
02:34:45.0874 2904 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
02:34:45.0879 2904 cdfs - ok
02:34:45.0933 2904 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
02:34:45.0937 2904 cdrom - ok
02:34:46.0007 2904 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
02:34:46.0009 2904 circlass - ok
02:34:46.0064 2904 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
02:34:46.0073 2904 CLFS - ok
02:34:46.0174 2904 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
02:34:46.0176 2904 CmBatt - ok
02:34:46.0225 2904 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
02:34:46.0227 2904 cmdide - ok
02:34:46.0262 2904 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
02:34:46.0264 2904 Compbatt - ok
02:34:46.0315 2904 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
02:34:46.0317 2904 crcdisk - ok
02:34:46.0345 2904 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
02:34:46.0348 2904 Crusoe - ok
02:34:46.0499 2904 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
02:34:46.0503 2904 DfsC - ok
02:34:46.0742 2904 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
02:34:46.0745 2904 disk - ok
02:34:46.0934 2904 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
02:34:46.0936 2904 drmkaud - ok
02:34:47.0187 2904 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
02:34:47.0213 2904 DXGKrnl - ok
02:34:47.0345 2904 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
02:34:47.0353 2904 e1express - ok
02:34:47.0435 2904 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
02:34:47.0441 2904 E1G60 - ok
02:34:47.0547 2904 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
02:34:47.0553 2904 Ecache - ok
02:34:47.0820 2904 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
02:34:47.0832 2904 elxstor - ok
02:34:48.0077 2904 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
02:34:48.0083 2904 exfat - ok
02:34:48.0164 2904 F-Secure Standalone Minifilter - ok
02:34:48.0340 2904 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
02:34:48.0346 2904 fastfat - ok
02:34:48.0603 2904 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
02:34:48.0606 2904 fdc - ok
02:34:48.0779 2904 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
02:34:48.0782 2904 FileInfo - ok
02:34:48.0853 2904 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
02:34:48.0856 2904 Filetrace - ok
02:34:48.0947 2904 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
02:34:48.0950 2904 flpydisk - ok
02:34:49.0030 2904 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
02:34:49.0037 2904 FltMgr - ok
02:34:49.0310 2904 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
02:34:49.0313 2904 Fs_Rec - ok
02:34:49.0556 2904 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
02:34:49.0559 2904 gagp30kx - ok
02:34:49.0801 2904 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:34:49.0803 2904 GEARAspiWDM - ok
02:34:50.0122 2904 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:34:50.0147 2904 HDAudBus - ok
02:34:50.0286 2904 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
02:34:50.0288 2904 HidBth - ok
02:34:50.0367 2904 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
02:34:50.0374 2904 HidIr - ok
02:34:50.0422 2904 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
02:34:50.0425 2904 HidUsb - ok
02:34:50.0491 2904 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
02:34:50.0494 2904 HpCISSs - ok
02:34:50.0630 2904 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
02:34:50.0688 2904 HSF_DPV - ok
02:34:50.0733 2904 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
02:34:50.0741 2904 HSXHWAZL - ok
02:34:50.0807 2904 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
02:34:50.0830 2904 HTTP - ok
02:34:50.0906 2904 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
02:34:50.0909 2904 i2omp - ok
02:34:50.0983 2904 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
02:34:50.0986 2904 i8042prt - ok
02:34:51.0131 2904 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
02:34:51.0137 2904 iaStor - ok
02:34:51.0242 2904 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
02:34:51.0250 2904 iaStorV - ok
02:34:51.0647 2904 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
02:34:51.0746 2904 igfx - ok
02:34:51.0848 2904 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
02:34:51.0851 2904 iirsp - ok
02:34:51.0988 2904 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
02:34:51.0993 2904 IntcHdmiAddService - ok
02:34:52.0042 2904 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
02:34:52.0058 2904 intelide - ok
02:34:52.0126 2904 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
02:34:52.0129 2904 intelppm - ok
02:34:52.0237 2904 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:34:52.0241 2904 IpFilterDriver - ok
02:34:52.0270 2904 IpInIp - ok
02:34:52.0309 2904 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
02:34:52.0313 2904 IPMIDRV - ok
02:34:52.0364 2904 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
02:34:52.0369 2904 IPNAT - ok
02:34:52.0418 2904 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
02:34:52.0420 2904 IRENUM - ok
02:34:52.0461 2904 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
02:34:52.0464 2904 isapnp - ok
02:34:52.0515 2904 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
02:34:52.0522 2904 iScsiPrt - ok
02:34:52.0582 2904 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
02:34:52.0586 2904 iteatapi - ok
02:34:52.0642 2904 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
02:34:52.0645 2904 iteraid - ok
02:34:52.0691 2904 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:34:52.0695 2904 kbdclass - ok
02:34:52.0774 2904 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
02:34:52.0777 2904 kbdhid - ok
02:34:52.0850 2904 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
02:34:52.0874 2904 KSecDD - ok
02:34:52.0956 2904 Lbd - ok
02:34:53.0055 2904 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
02:34:53.0058 2904 lltdio - ok
02:34:53.0168 2904 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
02:34:53.0173 2904 LSI_FC - ok
02:34:53.0227 2904 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
02:34:53.0230 2904 LSI_SAS - ok
02:34:53.0279 2904 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
02:34:53.0283 2904 LSI_SCSI - ok
02:34:53.0362 2904 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
02:34:53.0367 2904 luafv - ok
02:34:53.0459 2904 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
02:34:53.0462 2904 mdmxsdk - ok
02:34:53.0525 2904 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
02:34:53.0528 2904 megasas - ok
02:34:53.0629 2904 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
02:34:53.0632 2904 Modem - ok
02:34:53.0730 2904 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
02:34:53.0733 2904 monitor - ok
02:34:53.0791 2904 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
02:34:53.0797 2904 mouclass - ok
02:34:53.0826 2904 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
02:34:53.0829 2904 mouhid - ok
02:34:53.0874 2904 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
02:34:53.0878 2904 MountMgr - ok
02:34:53.0945 2904 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
02:34:53.0949 2904 mpio - ok
02:34:53.0997 2904 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
02:34:54.0001 2904 mpsdrv - ok
02:34:54.0059 2904 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
02:34:54.0063 2904 Mraid35x - ok
02:34:54.0123 2904 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
02:34:54.0128 2904 MRxDAV - ok
02:34:54.0169 2904 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:34:54.0174 2904 mrxsmb - ok
02:34:54.0219 2904 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:34:54.0228 2904 mrxsmb10 - ok
02:34:54.0259 2904 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:34:54.0267 2904 mrxsmb20 - ok
02:34:54.0293 2904 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
02:34:54.0296 2904 msahci - ok
02:34:54.0325 2904 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
02:34:54.0330 2904 msdsm - ok
02:34:54.0401 2904 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
02:34:54.0403 2904 Msfs - ok
02:34:54.0441 2904 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
02:34:54.0444 2904 msisadrv - ok
02:34:54.0532 2904 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
02:34:54.0534 2904 MSKSSRV - ok
02:34:54.0613 2904 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
02:34:54.0616 2904 MSPCLOCK - ok
02:34:54.0687 2904 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
02:34:54.0690 2904 MSPQM - ok
02:34:54.0749 2904 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
02:34:54.0755 2904 MsRPC - ok
02:34:54.0801 2904 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
02:34:54.0804 2904 mssmbios - ok
02:34:54.0833 2904 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
02:34:54.0836 2904 MSTEE - ok
02:34:54.0891 2904 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
02:34:54.0895 2904 Mup - ok
02:34:54.0987 2904 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
02:34:54.0993 2904 NativeWifiP - ok
02:34:55.0059 2904 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
02:34:55.0084 2904 NDIS - ok
02:34:55.0136 2904 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
02:34:55.0138 2904 NdisTapi - ok
02:34:55.0167 2904 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
02:34:55.0170 2904 Ndisuio - ok
02:34:55.0219 2904 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:34:55.0224 2904 NdisWan - ok
02:34:55.0295 2904 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
02:34:55.0299 2904 NDProxy - ok
02:34:55.0405 2904 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
02:34:55.0408 2904 NetBIOS - ok
02:34:55.0460 2904 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
02:34:55.0467 2904 netbt - ok
02:34:55.0663 2904 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
02:34:55.0744 2904 NETw4v32 - ok
02:34:55.0825 2904 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
02:34:55.0828 2904 nfrd960 - ok
02:34:55.0921 2904 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
02:34:55.0924 2904 Npfs - ok
02:34:55.0987 2904 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
02:34:55.0989 2904 nsiproxy - ok
02:34:56.0090 2904 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
02:34:56.0141 2904 Ntfs - ok
02:34:56.0230 2904 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
02:34:56.0233 2904 ntrigdigi - ok
02:34:56.0329 2904 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
02:34:56.0332 2904 NuidFltr - ok
02:34:56.0421 2904 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
02:34:56.0423 2904 Null - ok
02:34:56.0498 2904 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
02:34:56.0503 2904 nvraid - ok
02:34:56.0545 2904 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
02:34:56.0548 2904 nvstor - ok
02:34:56.0639 2904 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
02:34:56.0646 2904 nv_agp - ok
02:34:56.0672 2904 NwlnkFlt - ok
02:34:56.0702 2904 NwlnkFwd - ok
02:34:56.0806 2904 OEM02Dev (9d20fa5d8875f6063aa5e1c44446f698) C:\Windows\system32\DRIVERS\OEM02Dev.sys
02:34:56.0816 2904 OEM02Dev - ok
02:34:56.0851 2904 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
02:34:56.0854 2904 OEM02Vfx - ok
02:34:56.0920 2904 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
02:34:56.0925 2904 ohci1394 - ok
02:34:56.0977 2904 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
02:34:56.0981 2904 Parport - ok
02:34:57.0047 2904 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
02:34:57.0050 2904 partmgr - ok
02:34:57.0084 2904 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
02:34:57.0087 2904 Parvdm - ok
02:34:57.0126 2904 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
02:34:57.0132 2904 pci - ok
02:34:57.0177 2904 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
02:34:57.0179 2904 pciide - ok
02:34:57.0250 2904 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
02:34:57.0257 2904 pcmcia - ok
02:34:57.0345 2904 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
02:34:57.0348 2904 pcouffin - ok
02:34:57.0415 2904 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
02:34:57.0450 2904 PEAUTH - ok
02:34:57.0622 2904 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
02:34:57.0626 2904 PptpMiniport - ok
02:34:57.0695 2904 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
02:34:57.0700 2904 Processor - ok
02:34:57.0781 2904 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
02:34:57.0785 2904 PSched - ok
02:34:57.0846 2904 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
02:34:57.0850 2904 PxHelp20 - ok
02:34:57.0946 2904 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
02:34:57.0981 2904 ql2300 - ok
02:34:58.0037 2904 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
02:34:58.0042 2904 ql40xx - ok
02:34:58.0109 2904 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
02:34:58.0112 2904 QWAVEdrv - ok
02:34:58.0271 2904 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
02:34:58.0369 2904 R300 - ok
02:34:58.0433 2904 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
02:34:58.0436 2904 RasAcd - ok
02:34:58.0492 2904 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:34:58.0497 2904 Rasl2tp - ok
02:34:58.0546 2904 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
02:34:58.0549 2904 RasPppoe - ok
02:34:58.0603 2904 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
02:34:58.0608 2904 RasSstp - ok
02:34:58.0659 2904 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
02:34:58.0668 2904 rdbss - ok
02:34:58.0726 2904 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:34:58.0729 2904 RDPCDD - ok
02:34:58.0796 2904 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
02:34:58.0804 2904 rdpdr - ok
02:34:58.0837 2904 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
02:34:58.0840 2904 RDPENCDD - ok
02:34:58.0893 2904 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
02:34:58.0900 2904 RDPWD - ok
02:34:58.0992 2904 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
02:34:58.0999 2904 RFCOMM - ok
02:34:59.0049 2904 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
02:34:59.0052 2904 rimmptsk - ok
02:34:59.0099 2904 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
02:34:59.0103 2904 rimsptsk - ok
02:34:59.0158 2904 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
02:34:59.0162 2904 rismxdp - ok
02:34:59.0248 2904 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
02:34:59.0251 2904 rspndr - ok
02:34:59.0338 2904 RTL8187B (318f4f327190b2aee7aae9cafd19bb19) C:\Windows\system32\DRIVERS\wg111v3.sys
02:34:59.0361 2904 RTL8187B - ok
02:34:59.0407 2904 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
02:34:59.0414 2904 sbp2port - ok
02:34:59.0498 2904 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
02:34:59.0503 2904 sdbus - ok
02:34:59.0539 2904 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:34:59.0542 2904 secdrv - ok
02:34:59.0599 2904 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
02:34:59.0602 2904 Serenum - ok
02:34:59.0638 2904 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
02:34:59.0643 2904 Serial - ok
02:34:59.0708 2904 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
02:34:59.0711 2904 sermouse - ok
02:34:59.0780 2904 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
02:34:59.0783 2904 sffdisk - ok
02:34:59.0813 2904 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
02:34:59.0816 2904 sffp_mmc - ok
02:34:59.0836 2904 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
02:34:59.0839 2904 sffp_sd - ok
02:34:59.0872 2904 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
02:34:59.0875 2904 sfloppy - ok
02:34:59.0923 2904 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
02:34:59.0927 2904 sisagp - ok
02:34:59.0960 2904 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
02:34:59.0964 2904 SiSRaid2 - ok
02:34:59.0997 2904 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
02:35:00.0001 2904 SiSRaid4 - ok
02:35:00.0070 2904 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
02:35:00.0074 2904 Smb - ok
02:35:00.0161 2904 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
02:35:00.0164 2904 spldr - ok
02:35:00.0357 2904 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
02:35:00.0357 2904 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
02:35:00.0362 2904 sptd ( LockedFile.Multi.Generic ) - warning
02:35:00.0362 2904 sptd - detected LockedFile.Multi.Generic (1)
02:35:00.0412 2904 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
02:35:00.0424 2904 srv - ok
02:35:00.0457 2904 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
02:35:00.0463 2904 srv2 - ok
02:35:00.0497 2904 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
02:35:00.0501 2904 srvnet - ok
02:35:00.0605 2904 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
02:35:00.0628 2904 STHDA - ok
02:35:00.0686 2904 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
02:35:00.0689 2904 swenum - ok
02:35:00.0847 2904 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
02:35:00.0850 2904 Symc8xx - ok
02:35:00.0878 2904 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
02:35:00.0882 2904 Sym_hi - ok
02:35:00.0916 2904 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
02:35:00.0919 2904 Sym_u3 - ok
02:35:01.0035 2904 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
02:35:01.0068 2904 Tcpip - ok
02:35:01.0116 2904 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
02:35:01.0131 2904 Tcpip6 - ok
02:35:01.0170 2904 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
02:35:01.0173 2904 tcpipreg - ok
02:35:01.0219 2904 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
02:35:01.0222 2904 TDPIPE - ok
02:35:01.0264 2904 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
02:35:01.0267 2904 TDTCP - ok
02:35:01.0315 2904 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
02:35:01.0319 2904 tdx - ok
02:35:01.0397 2904 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
02:35:01.0401 2904 TermDD - ok
02:35:01.0500 2904 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:35:01.0503 2904 tssecsrv - ok
02:35:01.0557 2904 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
02:35:01.0560 2904 tunmp - ok
02:35:01.0602 2904 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
02:35:01.0606 2904 tunnel - ok
02:35:01.0644 2904 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
02:35:01.0648 2904 uagp35 - ok
02:35:01.0706 2904 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
02:35:01.0715 2904 udfs - ok
02:35:01.0786 2904 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
02:35:01.0790 2904 uliagpkx - ok
02:35:01.0831 2904 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
02:35:01.0841 2904 uliahci - ok
02:35:01.0880 2904 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
02:35:01.0885 2904 UlSata - ok
02:35:01.0941 2904 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
02:35:01.0947 2904 ulsata2 - ok
02:35:02.0002 2904 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
02:35:02.0005 2904 umbus - ok
02:35:02.0069 2904 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
02:35:02.0073 2904 USBAAPL - ok
02:35:02.0132 2904 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
02:35:02.0136 2904 usbccgp - ok
02:35:02.0170 2904 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
02:35:02.0174 2904 usbcir - ok
02:35:02.0256 2904 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
02:35:02.0259 2904 usbehci - ok
02:35:02.0308 2904 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
02:35:02.0316 2904 usbhub - ok
02:35:02.0347 2904 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
02:35:02.0350 2904 usbohci - ok
02:35:02.0391 2904 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
02:35:02.0394 2904 usbprint - ok
02:35:02.0467 2904 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
02:35:02.0470 2904 usbscan - ok
02:35:02.0539 2904 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:35:02.0541 2904 USBSTOR - ok
02:35:02.0584 2904 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
02:35:02.0587 2904 usbuhci - ok
02:35:02.0684 2904 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
02:35:02.0688 2904 vga - ok
02:35:02.0752 2904 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
02:35:02.0755 2904 VgaSave - ok
02:35:02.0802 2904 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
02:35:02.0806 2904 viaagp - ok
02:35:02.0835 2904 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
02:35:02.0839 2904 ViaC7 - ok
02:35:02.0869 2904 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
02:35:02.0872 2904 viaide - ok
02:35:02.0931 2904 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
02:35:02.0939 2904 volmgr - ok
02:35:03.0001 2904 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
02:35:03.0011 2904 volmgrx - ok
02:35:03.0072 2904 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
02:35:03.0081 2904 volsnap - ok
02:35:03.0139 2904 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
02:35:03.0145 2904 vsmraid - ok
02:35:03.0208 2904 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
02:35:03.0211 2904 WacomPen - ok
02:35:03.0259 2904 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
02:35:03.0262 2904 Wanarp - ok
02:35:03.0275 2904 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
02:35:03.0277 2904 Wanarpv6 - ok
02:35:03.0334 2904 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
02:35:03.0337 2904 Wd - ok
02:35:03.0402 2904 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
02:35:03.0426 2904 Wdf01000 - ok
02:35:03.0576 2904 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
02:35:03.0613 2904 winachsf - ok
02:35:03.0755 2904 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:35:03.0758 2904 WmiAcpi - ok
02:35:03.0902 2904 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
02:35:03.0905 2904 ws2ifsl - ok
02:35:04.0005 2904 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:35:04.0009 2904 WUDFRd - ok
02:35:04.0064 2904 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
02:35:04.0067 2904 XAudio - ok
02:35:04.0152 2904 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
02:35:04.0163 2904 yukonwlh - ok
02:35:04.0243 2904 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
02:35:04.0284 2904 \Device\Harddisk0\DR0 - ok
02:35:04.0294 2904 MBR (0x1B8) (4167c72df5fef7eb5834770161852b07) \Device\Harddisk2\DR2
02:35:15.0473 2904 \Device\Harddisk2\DR2 - ok
02:35:15.0530 2904 Boot (0x1200) (8867ac5d7caa97c90f1254da2442ead1) \Device\Harddisk0\DR0\Partition0
02:35:15.0532 2904 \Device\Harddisk0\DR0\Partition0 - ok
02:35:15.0542 2904 Boot (0x1200) (e6f36cca30fce059de2cc760743f100c) \Device\Harddisk0\DR0\Partition1
02:35:15.0544 2904 \Device\Harddisk0\DR0\Partition1 - ok
02:35:15.0547 2904 ============================================================
02:35:15.0547 2904 Scan finished
02:35:15.0551 2904 ============================================================
02:35:15.0584 4140 Detected object count: 1
02:35:15.0584 4140 Actual detected object count: 1
02:35:55.0228 4140 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:35:55.0228 4140 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:36:10.0175 2724 Deinitialize success






and the second one my computer wouldn't reboot ofter the fix it just said installing updates for ages

but here is the scan log from afterwards

OTL.Txt






OTL logfile created on: 12/10/2011 3:10:58 AM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\vincent\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.91% Memory free
4.21 Gb Paging File | 2.76 Gb Available in Paging File | 65.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.49 Gb Total Space | 74.02 Gb Free Space | 54.23% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.44 Gb Free Space | 44.40% Space Free | Partition Type: NTFS
Drive F: | 7.20 Gb Total Space | 7.08 Gb Free Space | 98.25% Space Free | Partition Type: FAT32

Computer Name: HOME-PC | User Name: vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/11 17:48:21 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/07/14 10:20:02 | 000,033,792 | ---- | M] (Roozz.com) -- C:\Program Files\Roozz\RoozzHelper.exe
PRC - [2011/07/03 00:32:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/12/15 00:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/14 09:39:08 | 001,078,560 | ---- | M] () -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/12 21:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 18:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 16:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 16:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 16:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 16:49:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/01 01:12:40 | 000,412,728 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
MOD - [2011/10/01 01:12:39 | 003,696,184 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/10/01 01:11:13 | 000,142,568 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/10/01 01:11:12 | 000,253,320 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/10/01 01:11:10 | 002,403,240 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/30 06:06:57 | 008,587,936 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/09/30 06:06:57 | 008,587,936 | ---- | M] () -- C:\Users\vincent\AppData\Local\Google\Chrome\APPLIC~1\140835~1.202\gcswf32.dll
MOD - [2011/09/02 05:24:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll
MOD - [2011/09/01 16:04:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll
MOD - [2011/09/01 16:04:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2009/09/05 01:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 23:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 23:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe
MOD - [2006/11/03 19:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 19:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/07/14 10:20:02 | 000,033,792 | ---- | M] (Roozz.com) [Auto | Running] -- C:\Program Files\Roozz\RoozzHelper.exe -- (Roozz Helper)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/14 09:39:08 | 001,078,560 | ---- | M] () [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/06/29 18:31:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/01/14 09:39:06 | 000,072,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2008/03/06 17:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/28 06:58:30 | 000,289,280 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/11/12 21:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/07 16:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 02:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 02:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 02:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 15:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 15:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/13 19:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/02 17:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 17:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Roozz.com/RoozzPlugin: C:\Program Files\Roozz\nproozz.dll (Roozz.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/14 02:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/20 01:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/09/27 13:35:57 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\vincent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Roozz plugin (Enabled) = C:\Program Files\Roozz\nproozz.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\vincent\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AVG Safe Search = C:\Users\vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2011/10/12 02:43:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\vincent\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\NetDog\netd.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\NetDog\netd.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD920C4A-0564-4993-B065-50F371B06390}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/18 22:08:18 | 000,014,791 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 02:43:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/12 02:34:19 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\vincent\Desktop\TDSSKiller.exe
[2011/10/11 17:48:17 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
[2011/10/10 04:51:32 | 000,000,000 | ---D | C] -- C:\Users\vincent\Desktop\Things
[2011/10/10 04:38:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\vincent\Desktop\aswMBR.exe
[2011/10/09 05:12:00 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2011/10/09 05:11:57 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\Apps
[2011/10/09 01:45:59 | 000,000,000 | ---D | C] -- C:\Users\vincent\.IBot
[2011/09/29 15:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/22 01:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/09/22 01:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/09/22 01:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/09/21 18:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/09/21 18:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/09/20 22:41:56 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Mozilla
[2011/09/19 23:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Profibot
[2011/09/18 02:12:58 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Roaming\Bandoo
[2011/09/18 01:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profibot
[2011/09/18 01:22:54 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\Ilivid Player
[2011/09/18 01:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011/09/18 01:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bandoo
[2011/09/18 01:21:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
[2011/09/18 01:20:12 | 000,000,000 | ---D | C] -- C:\Users\vincent\AppData\Local\PackageAware
[2010/05/21 20:57:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\vincent\AppData\Roaming\pcouffin.sys
[2008/04/03 03:28:22 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2008/04/03 03:28:22 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/12 02:53:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 02:53:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 02:53:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 02:53:10 | 2134,982,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 02:43:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/12 02:34:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-432222374-1183367405-199368062-1000UA.job
[2011/10/12 02:34:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-432222374-1183367405-199368062-1000Core.job
[2011/10/11 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/10/11 17:48:21 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\vincent\Desktop\OTL.exe
[2011/10/10 09:42:26 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\vincent\Desktop\TDSSKiller.exe
[2011/10/10 05:12:36 | 000,000,512 | ---- | M] () -- C:\Users\vincent\Desktop\MBR.dat
[2011/10/10 04:40:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\vincent\Desktop\aswMBR.exe
[2011/10/10 02:53:09 | 000,047,956 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia.jpg
[2011/10/10 02:49:30 | 003,042,537 | ---- | M] () -- C:\Users\vincent\Desktop\Things.7z
[2011/10/07 20:29:37 | 000,000,656 | ---- | M] () -- C:\Users\vincent\Desktop\bioBot.lnk
[2011/10/06 05:11:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/10/05 08:37:14 | 000,036,663 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia 2.jpg
[2011/10/04 09:27:47 | 008,078,878 | ---- | M] () -- C:\Users\vincent\Desktop\LMFAO - Sexy and I Know It.mp3
[2011/10/02 16:05:51 | 000,383,015 | ---- | M] () -- C:\Users\vincent\Desktop\Vanudonia.psd
[2011/09/29 15:00:00 | 021,073,936 | ---- | M] () -- C:\Users\vincent\Documents\vlc-1.1.11-win32.exe
[2011/09/28 00:44:51 | 000,157,539 | ---- | M] () -- C:\Users\vincent\Desktop\map for aod.jpg
[2011/09/22 01:48:53 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/09/20 23:10:47 | 008,103,093 | ---- | M] () -- C:\Users\vincent\Desktop\Adele-Rolling In The Deep (Proximas Remix).mp3
[2011/09/20 03:25:04 | 008,012,833 | ---- | M] () -- C:\Users\vincent\Desktop\Adele vs. Skrillex - Set Fire To Everybody.mp3
[2011/09/19 23:40:21 | 000,188,416 | ---- | M] () -- C:\Users\vincent\AppData\Roaming\chrtmp
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 05:12:36 | 000,000,512 | ---- | C] () -- C:\Users\vincent\Desktop\MBR.dat
[2011/10/10 02:49:25 | 003,042,537 | ---- | C] () -- C:\Users\vincent\Desktop\Things.7z
[2011/10/07 20:29:37 | 000,000,656 | ---- | C] () -- C:\Users\vincent\Desktop\bioBot.lnk
[2011/10/05 08:36:35 | 000,036,663 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia 2.jpg
[2011/10/04 03:02:05 | 008,078,878 | ---- | C] () -- C:\Users\vincent\Desktop\LMFAO - Sexy and I Know It.mp3
[2011/10/02 03:33:11 | 000,383,015 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia.psd
[2011/10/02 03:18:21 | 000,047,956 | ---- | C] () -- C:\Users\vincent\Desktop\Vanudonia.jpg
[2011/09/29 14:59:20 | 021,073,936 | ---- | C] () -- C:\Users\vincent\Documents\vlc-1.1.11-win32.exe
[2011/09/28 00:44:48 | 000,157,539 | ---- | C] () -- C:\Users\vincent\Desktop\map for aod.jpg
[2011/09/21 18:18:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/21 18:14:36 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/09/20 03:24:38 | 008,012,833 | ---- | C] () -- C:\Users\vincent\Desktop\Adele vs. Skrillex - Set Fire To Everybody.mp3
[2011/09/20 03:23:49 | 008,103,093 | ---- | C] () -- C:\Users\vincent\Desktop\Adele-Rolling In The Deep (Proximas Remix).mp3
[2011/09/18 01:49:35 | 000,188,416 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\chrtmp
[2010/12/08 15:22:18 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/12/08 15:22:18 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BXD2140.DAT
[2010/09/14 08:32:57 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2010/09/14 08:32:57 | 000,000,039 | ---- | C] () -- C:\Windows\MYOB.INI
[2010/09/14 08:32:03 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2010/09/14 08:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2010/09/14 08:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2010/05/21 21:00:58 | 000,001,189 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\vso_ts_preview.xml
[2010/05/21 20:57:12 | 000,087,608 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\inst.exe
[2010/05/21 20:57:12 | 000,007,887 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\pcouffin.cat
[2010/05/21 20:57:12 | 000,001,144 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\pcouffin.inf
[2009/11/27 23:19:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/09/27 15:11:33 | 000,000,164 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\default.rss
[2009/09/24 12:07:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 12:07:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/14 08:51:26 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/28 09:52:13 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009/04/15 17:55:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/04/15 17:55:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/04/05 15:33:50 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/14 09:39:06 | 000,072,992 | ---- | C] () -- C:\Windows\System32\drivers\bckd.sys
[2008/12/14 06:13:48 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wins4f.dll
[2008/12/14 06:13:42 | 000,164,864 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2008/11/13 03:03:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/09/30 15:13:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/25 13:20:57 | 000,113,080 | ---- | C] () -- C:\ProgramData\BMcda75ccf.xml
[2008/09/25 13:20:57 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/07/16 20:30:30 | 000,000,192 | ---- | C] () -- C:\Users\vincent\AppData\Roaming\wklnhst.dat
[2008/04/13 23:32:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/13 20:38:27 | 000,006,648 | ---- | C] () -- C:\Users\vincent\AppData\Local\d3d9caps.dat
[2008/04/11 20:43:55 | 000,114,688 | ---- | C] () -- C:\Users\vincent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/03 03:28:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/04/03 03:28:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/04/03 03:28:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/04/03 03:28:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/04/03 03:28:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/04/03 03:28:26 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/02 19:45:45 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/04/02 19:34:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/11 08:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 22:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:44:53 | 003,647,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:33:01 | 002,225,022 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,939,990 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ctreestd.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/12/14 00:16:20 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Audacity
[2011/03/05 01:43:48 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\AVG
[2010/12/14 23:00:15 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\AVG10
[2011/09/18 02:12:58 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Bandoo
[2011/02/25 01:54:18 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\BitTorrent
[2009/04/15 21:13:39 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Blitware
[2010/06/29 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DAEMON Tools Lite
[2010/06/29 08:18:55 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DAEMON Tools Pro
[2010/11/10 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\DriverCure
[2011/06/10 00:01:25 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\f-secure
[2011/08/07 03:19:08 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Fastest Free YouTube Downloader
[2010/05/23 11:13:42 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\FreeBurner
[2011/08/10 02:19:26 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Opera
[2010/11/10 17:56:45 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\ParetoLogic
[2010/07/26 17:55:33 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Solveig Multimedia
[2010/08/10 00:29:26 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2008/07/16 20:30:31 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Template
[2010/05/23 10:17:30 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\tmp
[2011/08/28 03:49:27 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\uTorrent
[2010/05/21 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\vincent\AppData\Roaming\Vso
[2011/10/11 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/10/06 05:11:04 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/09/21 13:19:31 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

Advertisements

#11
havredave
Posted 12 October 2011 - 12:18 PM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
I'm not terribly surprised about the "installing updates" slowdown. That's your computer installing automatic Windows updates that require a reboot to install files that are currently in use. Completely normal.

The suspicious file TDSSKiller found is also pretty normal.

While I work on the next direction, how is your machine running? Have you had any BSODs (blue screen of death) since we started? How about freezing up? When the machine does freeze up, what is it you're doing, or is it completely random-seeming?
  • 0

#12
Krazo
Posted 15 October 2011 - 12:08 PM

Krazo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
sorry about the slow reply. alright that i still have are BSOD when i try to do a virus scan usually around 70% when it's cheching system 32, internt is slow to not working, still freezes during a virus scan if no BSOD but also sometimes at randum and lastly the updates will not instally like i said last time, i have left it on for 24hrs and it didn't update a single one (posiblly freezing?). so the virace scanner dosen't work properly when i try to scan, so i deleted it and i now have none of the bigger problems with my computer, dosn't freeze, no BSOD, internt works (not very useful though because you can't go anyware for fear of more viruses), it still says window module explore is not working sometimes just at randome it says that. that's all i can think of at the moment.

If you need more information or better description on/about something i'm happy to try and get it for you.
  • 0

#13
Krazo
Posted 15 October 2011 - 12:14 PM

Krazo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry about the slow reply. alright that I still have are BSOD when I try to do a virus scan usually around 70% when it's checking system 32, internet is slow to not working, still freezes during a virus scan if no BSOD but also sometimes at random and lastly the updates will not install like I said last time, I have left it on for 24hrs and it didn't update a single one (possibly freezing?). so the virus scanner doesn’t work properly when I try to scan, so I deleted it and I now have none of the bigger problems with my computer, doesn’t freeze, no BSOD, internet works (not very useful though because you can't go any ware for fear of more viruses), it still says window module explore is not working sometimes just at random it says that. That’s all I can think of at the moment.

If you need more information or better description on/about something I’m happy to try and get it for you.
  • 0

#14
havredave
Posted 15 October 2011 - 04:11 PM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Interesting, ok. That's good information to have passed on. I'm a little slow at responding during weekends, but I'll do some brainstorming and see what I can come up with.

In the meantime, it sounds like you're doing the right thing by avoiding Internet use while your machine is unprotected.

If you would like to try a different antivirus product for now, there are a few free ones I'm currently recommending:

Avast!

or

Microsoft Security Essentials

Both are decent. I personally use Microsoft Security Essentials because my machine is a little lower on horse power than I'd like. :)

If you choose Avast!, please be careful downloading it. One of their download partners has advertisements all over the download page that appear to be the Avast! download, but are not.

I'll try to get back to you soon on your remaining issues. :yes:
  • 0

#15
havredave
Posted 16 October 2011 - 10:50 AM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
I see that you have Revo Uninstaller on your machine. Have you tried to use that to get rid of uTorrent?

Also, which updates aren't installing cleanly? You can get an idea of which it is by starting up Windows Update (Under Start->Programs) and writing down the updates it thinks are necessary. Don't worry about the optional ones. Do the update, reboot if it will, and do another Windows Update and again write down which it finds. The ones that are still there are of most interest.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP