Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Series of virus

Started by Snypa86 , Sep 07 2011 12:19 PM

This topic is locked

#1
Snypa86

Posted 07 September 2011 - 12:19 PM

Member

Member
58 posts

Hey everyone, I come forth to get help in resolving my issue. So my laptop is a Toshiba Satellite, has 4gb of ram, windows vista home premium 64-bit. First thing i notice is whenever i try to go to a particular website, lets say Hotmail.com, it pretends to be loading and then takes me to a different website. Next thing is my Windows security alerts, firewall is off, automatic update is on, malware protection states "check settings" and other security settings says "check settings" as well. When i go to turn on the firewall, i get a message saying "Security Center can't turn on Windows Firewall". I tried turning it on manually by clicking "update settings now", that didn't do anything. I did a series of scans with malware-bytes, found stuff, deleted them. Use spybot search, found stuff deleted them. Used avast, found stuff, deleted them and computer wont start. So I'm assuming the infected files are needed to boot the computer. I tried hijack this and OTL, but that is where i decided to turn to you guys the experts, as I'm not 100% understanding the logs and what needs to be done afterwards to clean the laptop up. Please let me know where you guy recommend i start. Also avast keep blocking this:

8Object: C:\windows\assembly\tmp\U\00000cb.@
Infection: Win32:Malware-gen
Process C:\windows\System32\csrss.exe

Thank You

#2
michaelg9

Posted 07 September 2011 - 01:30 PM

Trusted Helper

Malware Removal
2,949 posts

. I'm Michael and I'm going to help you fix your computer :yes:

Note: Before we start the process you should:

POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

I'm not sure if I understood this correctly, can your computer now boot? If yes, follow the following from safe mode. Instructions for safe mode here
Download RogueKiller to your desktop

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 1 and validate
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here

Next:

OTL Custom Scan

Download OTL to your Desktop
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Stadard output is selected.
Select Scan all users
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scans/Fixes box copy and paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open OTL.Txt in Notepad window.
Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

If you can't boot, tell me what happens when you try to boot.
Do you get a Blue screen? If yes, which is the error code?

#3
Snypa86

Posted 07 September 2011 - 03:15 PM

Member

Topic Starter
Member
58 posts

I can boot. I will do the above that you asked and report back in a short while. Thank you Michael.

#4
Snypa86

Posted 07 September 2011 - 04:26 PM

Member

Topic Starter
Member
58 posts

RKreport

RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: patrick [Admin rights]
Mode: Scan -- Date : 09/07/2011 17:52:15

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-07 17:53:04
-----------------------------
17:53:04.142 OS Version: Windows x64 6.0.6002 Service Pack 2
17:53:04.142 Number of processors: 2 586 0x170A
17:53:04.142 ComputerName: PATRICK-PC UserName: patrick
17:53:05.453 Initialize success
17:53:06.763 AVAST engine defs: 11090700
17:53:19.383 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:53:19.383 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
17:53:19.399 Disk 0 MBR read successfully
17:53:19.399 Disk 0 MBR scan
17:53:19.992 Disk 0 Windows VISTA default MBR code
17:53:19.992 Service scanning
17:53:23.876 Modules scanning
17:53:23.876 Disk 0 trace - called modules:
17:53:23.923 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:53:23.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800588c060]
17:53:23.939 3 CLASSPNP.SYS[fffffa6000dc4c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b62050]
17:53:25.062 AVAST engine scan C:\Windows
17:53:31.957 AVAST engine scan C:\Windows\system32
17:53:44.094 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
17:55:03.155 AVAST engine scan C:\Windows\system32\drivers
17:55:12.639 AVAST engine scan C:\Users\patrick
17:58:38.622 AVAST engine scan C:\ProgramData
18:01:31.314 Scan finished successfully
18:03:47.876 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
18:03:47.892 The log file has been saved successfully to "E:\aswMBR.txt"

OTL

OTL logfile created on: 9/7/2011 6:09:09 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = E:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 3.12 Gb Available Physical Memory | 80.66% Memory free
7.92 Gb Paging File | 7.30 Gb Available in Paging File | 92.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.58 Gb Total Space | 178.78 Gb Free Space | 62.39% Space Free | Partition Type: NTFS
Drive E: | 14.93 Gb Total Space | 10.38 Gb Free Space | 69.52% Space Free | Partition Type: FAT32
Drive F: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.01% Space Free | Partition Type: FAT32

Computer Name: PATRICK-PC | User Name: patrick | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 01:54:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/04/14 20:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/17 14:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 21:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/10/16 21:05:00 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 20:27:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/13 03:41:44 | 000,273,488 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/01/13 03:40:20 | 000,051,792 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/01/13 03:37:34 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/01/13 03:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/01/13 03:37:12 | 000,020,560 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/18 13:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/11 19:35:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/03 15:14:24 | 008,040,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/03/02 19:20:18 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/02/11 20:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/27 22:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/11/17 10:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/07/03 21:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2007/07/03 21:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 21:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 21:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2003/07/30 05:02:00 | 000,047,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\PxHelp64.sys -- (PxHelp64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 23 07 2A 1E 5D CB 01 [binary data]
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\URLSearchHook: {2c1e21b5-5666-4cd5-8152-96b690b7216e} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\URLSearchHook: {d9bd6168-5948-4319-b3b2-730c2cf6adc2} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/31 16:55:27 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/08/03 20:42:11 | 000,203,160 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 vkontakte.ru
O1 - Hosts: 127.0.0.1 www.vkontakte.ru
O1 - Hosts: 127.0.0.1 login.vk.com
O1 - Hosts: 127.0.0.1 vk.com
O1 - Hosts: 127.0.0.1 www.vk.com
O1 - Hosts: 127.0.0.1 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 50060 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {2C1E21B5-5666-4CD5-8152-96B690B7216E} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {D9BD6168-5948-4319-B3B2-730C2CF6ADC2} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000..\Run: [Sonic RecordNow! Deluxe] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25A69E9C-CD10-42B0-A99F-A0C2FBF785EC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB0FBA6-6420-43BE-950B-BE7DDB297058}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\patrick\Pictures\2009-11-04 Mixed\Mixed 133.JPG
O24 - Desktop BackupWallPaper: C:\Users\patrick\Pictures\2009-11-04 Mixed\Mixed 133.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2fcfeec0-9d09-11de-a863-0022fae6d5c6}\Shell - "" = AutoRun
O33 - MountPoints2\{2fcfeec0-9d09-11de-a863-0022fae6d5c6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{2fcfeecd-9d09-11de-a863-0022fae6d5c6}\Shell - "" = AutoRun
O33 - MountPoints2\{2fcfeecd-9d09-11de-a863-0022fae6d5c6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8a65e9c8-aaa2-11de-a891-001e33c95ec3}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{8a65e9c8-aaa2-11de-a891-001e33c95ec3}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\{f06e8859-bd59-11de-9c23-001e33c95ec3}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{f06e8859-bd59-11de-9c23-001e33c95ec3}\Shell\phone\command - "" = E:\autorun.exe
O33 - MountPoints2\{f74cc34b-fb94-11de-a006-001e33c95ec3}\Shell - "" = AutoRun
O33 - MountPoints2\{f74cc34b-fb94-11de-a006-001e33c95ec3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe - - File not found
MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: ccApp - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: cdloader - hkey= - key= - C:\Users\patrick\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig:64bit - StartUpReg: cfFncEnabler.exe - hkey= - key= - C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: er2 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: McENUI - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NDSTray.exe - hkey= - key= - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: TANU - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Teco - hkey= - key= - C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.tscc - C:\PROGRA~2\MpcStar\Codecs\tscc\tsccvid.dll File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 17:52:14 | 000,000,000 | ---D | C] -- C:\Users\patrick\Desktop\RK_Quarantine
[2011/09/07 16:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Cease 2011
[2011/09/06 23:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/06 23:59:37 | 000,273,488 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 23:59:37 | 000,020,560 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/06 23:59:36 | 000,029,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 23:59:35 | 000,062,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 23:59:35 | 000,051,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 23:59:24 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 23:59:23 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/18 03:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/08/18 02:58:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/18 02:58:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/18 02:58:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/18 02:58:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/18 02:58:34 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/18 02:58:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/18 02:58:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/18 02:58:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/18 02:58:33 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/18 01:08:59 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/18 01:08:58 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/18 01:08:48 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[1 C:\Users\patrick\Documents\*.tmp files -> C:\Users\patrick\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 18:11:41 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/07 18:11:41 | 000,606,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/07 18:11:41 | 000,104,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/07 17:51:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/07 16:36:46 | 000,001,460 | ---- | M] () -- C:\Users\patrick\AppData\Local\d3d9caps64.dat
[2011/09/07 16:21:34 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\09-07-2011_162134.job
[2011/09/07 15:40:28 | 454,037,992 | ---- | M] () -- C:\Users\patrick\Desktop\default registry.reg
[2011/09/07 14:48:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 14:48:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 14:05:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/07 14:00:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/07 02:10:28 | 000,418,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/07 00:12:25 | 000,000,121 | ---- | M] () -- C:\Windows\wininit.ini
[2011/09/06 23:59:38 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/06 23:59:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/05 12:05:38 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/18 02:31:31 | 952,948,500 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\patrick\Documents\*.tmp files -> C:\Users\patrick\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 16:21:34 | 000,000,498 | ---- | C] () -- C:\Windows\tasks\09-07-2011_162134.job
[2011/09/07 15:40:09 | 454,037,992 | ---- | C] () -- C:\Users\patrick\Desktop\default registry.reg
[2011/09/07 00:12:25 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/06 23:59:38 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/23 23:48:30 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/23 22:57:04 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/07/23 22:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011/06/03 09:38:28 | 000,001,460 | ---- | C] () -- C:\Users\patrick\AppData\Local\d3d9caps64.dat
[2011/02/13 02:23:58 | 000,000,680 | ---- | C] () -- C:\Users\patrick\AppData\Local\d3d9caps.dat
[2010/08/05 13:40:14 | 000,004,096 | -H-- | C] () -- C:\Users\patrick\AppData\Local\keyfile3.drm
[2009/12/14 20:14:33 | 000,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2009/12/14 19:52:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/14 17:28:02 | 000,000,000 | ---- | C] () -- C:\Users\patrick\AppData\Roaming\wklnhst.dat
[2009/12/03 22:36:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 22:36:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 22:35:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/11 04:30:37 | 000,017,043 | ---- | C] () -- C:\Users\patrick\AppData\Roaming\UserTile.png
[2009/09/28 17:36:05 | 000,005,632 | ---- | C] () -- C:\Users\patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 16:25:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/08 03:28:20 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/06/16 20:23:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/05/03 03:00:45 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/05/03 03:00:45 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/05/03 03:00:45 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/05/03 03:00:44 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/05/03 03:00:44 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/05/03 03:00:44 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/05/03 01:26:27 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/03 15:12:44 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/03/03 15:12:44 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/03/03 15:12:42 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/07/31 10:09:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002/05/24 04:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\lockout.dll
[2002/05/24 04:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\lockres.dll

========== LOP Check ==========

[2011/01/20 04:18:48 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\CometPlayer
[2010/08/04 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\iWin
[2009/09/13 04:28:22 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Leadertech
[2011/08/05 20:18:51 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mjusbsp
[2010/10/12 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\PDF Viewer
[2009/12/14 20:24:57 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Smith Micro
[2011/03/25 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TeamViewer
[2009/12/14 17:28:05 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Template
[2010/12/27 22:38:15 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TigerPlayer
[2009/09/08 03:56:47 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TOSHIBA
[2009/09/09 05:14:35 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\WildTangent
[2009/09/08 03:27:56 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\WinBatch
[2011/09/07 16:21:34 | 000,000,498 | ---- | M] () -- C:\Windows\Tasks\09-07-2011_162134.job
[2011/09/07 14:48:57 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/09/14 12:02:05 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Adobe
[2011/01/20 04:18:48 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\CometPlayer
[2009/09/10 13:10:07 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Google
[2009/09/08 03:28:43 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Identities
[2010/01/19 00:05:52 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Intel
[2010/08/04 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\iWin
[2009/09/13 04:28:22 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Leadertech
[2009/09/08 03:50:22 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Macromedia
[2011/02/20 20:14:57 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Malwarebytes
[2006/11/02 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Media Center Programs
[2011/08/05 20:19:07 | 000,000,000 | --SD | M] -- C:\Users\patrick\AppData\Roaming\Microsoft
[2011/08/05 20:18:51 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mjusbsp
[2010/10/12 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\PDF Viewer
[2011/02/21 23:16:38 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Real
[2011/08/05 20:18:41 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Skype
[2011/07/23 22:21:56 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\skypePM
[2009/12/14 20:24:57 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Smith Micro
[2011/03/25 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TeamViewer
[2009/12/14 17:28:05 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Template
[2010/12/27 22:38:15 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TigerPlayer
[2009/09/08 03:56:47 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TOSHIBA
[2010/10/06 07:58:02 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\U3
[2009/09/09 05:14:35 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\WildTangent
[2009/09/08 03:27:56 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\WinBatch

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\system64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\system64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\system64\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 08:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 08:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 08:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/09/03 08:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/08/04 01:23:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/08/04 01:23:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/08/04 01:23:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/04 01:23:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/08/04 01:23:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/08/04 01:23:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/08/04 01:23:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/08/04 01:23:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/04 01:23:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/08/04 01:23:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#5
Snypa86

Posted 07 September 2011 - 04:29 PM

Member

Topic Starter
Member
58 posts

I tried attaching the MBR.dat file and it said:

Error You aren't permitted to upload this kind of file

#6
michaelg9

Posted 07 September 2011 - 05:02 PM

Trusted Helper

Malware Removal
2,949 posts

Hello there
You are infected with ZeroAccess rootkit:

Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Next:

Do this from normal mode, not safe mode:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Next:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 23 07 2A 1E 5D CB 01 [binary data]
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\URLSearchHook: {2c1e21b5-5666-4cd5-8152-96b690b7216e} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\URLSearchHook: {d9bd6168-5948-4319-b3b2-730c2cf6adc2} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {2C1E21B5-5666-4CD5-8152-96B690B7216E} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {D9BD6168-5948-4319-B3B2-730C2CF6ADC2} - No CLSID value found.
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O33 - MountPoints2\{2fcfeec0-9d09-11de-a863-0022fae6d5c6}\Shell - "" = AutoRun
O33 - MountPoints2\{2fcfeec0-9d09-11de-a863-0022fae6d5c6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{2fcfeecd-9d09-11de-a863-0022fae6d5c6}\Shell - "" = AutoRun
O33 - MountPoints2\{2fcfeecd-9d09-11de-a863-0022fae6d5c6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8a65e9c8-aaa2-11de-a891-001e33c95ec3}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{8a65e9c8-aaa2-11de-a891-001e33c95ec3}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\{f06e8859-bd59-11de-9c23-001e33c95ec3}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{f06e8859-bd59-11de-9c23-001e33c95ec3}\Shell\phone\command - "" = E:\autorun.exe
O33 - MountPoints2\{f74cc34b-fb94-11de-a006-001e33c95ec3}\Shell - "" = AutoRun
O33 - MountPoints2\{f74cc34b-fb94-11de-a006-001e33c95ec3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[1 C:\Users\patrick\Documents\*.tmp files -> C:\Users\patrick\Documents\*.tmp -> ]
[2011/09/07 16:21:34 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\09-07-2011_162134.job
[1 C:\Users\patrick\Documents\*.tmp files -> C:\Users\patrick\Documents\*.tmp -> ]
[2011/09/07 16:21:34 | 000,000,498 | ---- | C] () -- C:\Windows\tasks\09-07-2011_162134.job
[2011/07/23 22:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011/09/07 16:21:34 | 000,000,498 | ---- | M] () -- C:\Windows\Tasks\09-07-2011_162134.job
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

:Services

:Reg

:Files
C:\Windows\system32\consrv.dll
C:\Windows\front_ip_list.txt
C:\Windows\iplist.txt
C:\Windows\proc_list1.log
C:\Windows\services32.exe
C:\Windows\update.1\svchost.exe
C:\Windows\Temp\6595492.exe
C:\Windows\Temp\9995171.exe
C:\Windows\update.1
C:\windows\sysdriver32.exe

:Commands
[purity]
[emptytemp]
[resethosts]
[EMPTYFLASH]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#7
Snypa86

Posted 07 September 2011 - 07:18 PM

Member

Topic Starter
Member
58 posts

Combo Fix

ComboFix 11-09-07.04 - patrick 09/07/2011 20:35:00.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.2528 [GMT -4:00]
Running from: c:\users\patrick\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\_Setup.dll
c:\programdata\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\_Setupx.dll
c:\programdata\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.dat
c:\programdata\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.exe
c:\programdata\Tarma Installer\{8912A802-1DD4-41F3-8450-B3209081BDB9}\Setup.ico
C:\rvedc
c:\users\patrick\Documents\~WRL3582.tmp
c:\users\patrick\Documents\008.JPG
c:\users\patrick\Documents\015.JPG
c:\users\patrick\Documents\020.AVI
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\Thumbs.db
c:\windows\System64
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.3
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
.
.
2011-09-08 00:46 . 2011-09-08 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-07 20:20 . 2011-09-07 21:48 -------- d-----w- c:\program files (x86)\Spyware Cease 2011
2011-09-07 03:59 . 2011-01-13 07:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-07 03:59 . 2011-01-13 07:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-07 03:59 . 2011-01-13 07:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-07 03:59 . 2011-01-13 07:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-07 03:59 . 2011-01-13 07:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-07 03:59 . 2011-01-13 07:47 38848 ----a-w- c:\windows\avastSS.scr
2011-09-07 03:59 . 2011-01-13 07:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-31 17:09 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-31 17:09 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-18 07:11 . 2011-08-18 07:11 -------- d-----w- c:\program files\Alwil Software
2011-08-18 05:09 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-18 05:09 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-18 05:08 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-08-18 05:08 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-18 05:08 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-18 05:08 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 05:23 . 2011-08-04 05:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-04 05:23 . 2011-08-04 05:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-04 05:23 . 2011-08-04 05:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-04 05:23 . 2011-08-04 05:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-04 05:23 . 2011-08-04 05:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-04 05:23 . 2011-08-04 05:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-04 05:23 . 2011-08-04 05:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-04 05:23 . 2011-08-04 05:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-04 05:23 . 2011-08-04 05:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-04 05:23 . 2011-08-04 05:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-04 05:23 . 2011-08-04 05:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-04 05:23 . 2011-08-04 05:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-04 05:23 . 2011-08-04 05:23 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-04 05:23 . 2011-08-04 05:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-04 05:23 . 2011-08-04 05:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-04 05:23 . 2011-08-04 05:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-04 05:23 . 2011-08-04 05:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-04 05:23 . 2011-08-04 05:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-04 05:23 . 2011-08-04 05:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-04 05:23 . 2011-08-04 05:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-04 05:23 . 2011-08-04 05:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-04 05:23 . 2011-08-04 05:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-04 05:23 . 2011-08-04 05:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-04 05:23 . 2011-08-04 05:23 448512 ----a-w- c:\windows\system32\html.iec
2011-08-04 05:23 . 2011-08-04 05:23 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-04 05:23 . 2011-08-04 05:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-04 05:23 . 2011-08-04 05:23 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-04 05:23 . 2011-08-04 05:23 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-04 05:23 . 2011-08-04 05:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-04 05:23 . 2011-08-04 05:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-04 05:23 . 2011-08-04 05:23 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-04 05:23 . 2011-08-04 05:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-04 05:23 . 2011-08-04 05:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-04 05:23 . 2011-08-04 05:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-04 05:23 . 2011-08-04 05:23 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-04 05:23 . 2011-08-04 05:23 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-27 04:53 . 2011-07-24 02:57 246272 ----a-w- c:\windows\unrar.exe
2011-07-13 04:53 . 2011-08-03 23:55 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15B09B15-09A7-4798-8906-2E12C2896F82}\mpengine.dll
2011-07-06 23:52 . 2011-02-21 00:14 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-21 00:14 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 01:42 . 2011-05-26 15:06 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 01:34 . 2009-10-14 07:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-06-14 01:34 . 2009-01-08 07:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2011-06-14 273544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca4a03d9039b50;Google Update Service (gupdate1ca4a03d9039b50);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-10 133104]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-10 133104]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-07 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 251392]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-07 c:\windows\Tasks\09-07-2011_162134.job
- c:\program files (x86)\Spyware Cease 2011\SpywareCease2011.exe [2011-09-07 21:56]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-10 23:46]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-10 23:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF24771.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{2c1e21b5-5666-4cd5-8152-96b690b7216e} - (no file)
URLSearchHooks-{d9bd6168-5948-4319-b3b2-730c2cf6adc2} - (no file)
Wow6432Node-HKCU-Run-Sonic RecordNow! Deluxe - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{2C1E21B5-5666-4CD5-8152-96B690B7216E} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D9BD6168-5948-4319-B3B2-730C2CF6ADC2} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
.
**************************************************************************
.
Completion time: 2011-09-07 20:54:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-08 00:54
.
Pre-Run: 187,540,967,424 bytes free
Post-Run: 186,885,419,008 bytes free
.
- - End Of File - - 8DC619C1C5432FD9FDC18EE0B7415D1E

OTL

All processes killed
========== OTL ==========
HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2c1e21b5-5666-4cd5-8152-96b690b7216e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c1e21b5-5666-4cd5-8152-96b690b7216e}\ not found.
Registry value HKEY_USERS\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d9bd6168-5948-4319-b3b2-730c2cf6adc2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9bd6168-5948-4319-b3b2-730c2cf6adc2}\ not found.
Registry value HKEY_USERS\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2C1E21B5-5666-4CD5-8152-96B690B7216E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C1E21B5-5666-4CD5-8152-96B690B7216E}\ not found.
Registry value HKEY_USERS\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D9BD6168-5948-4319-B3B2-730C2CF6ADC2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9BD6168-5948-4319-B3B2-730C2CF6ADC2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fcfeec0-9d09-11de-a863-0022fae6d5c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fcfeec0-9d09-11de-a863-0022fae6d5c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fcfeec0-9d09-11de-a863-0022fae6d5c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fcfeec0-9d09-11de-a863-0022fae6d5c6}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fcfeecd-9d09-11de-a863-0022fae6d5c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fcfeecd-9d09-11de-a863-0022fae6d5c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fcfeecd-9d09-11de-a863-0022fae6d5c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fcfeecd-9d09-11de-a863-0022fae6d5c6}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a65e9c8-aaa2-11de-a891-001e33c95ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a65e9c8-aaa2-11de-a891-001e33c95ec3}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a65e9c8-aaa2-11de-a891-001e33c95ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a65e9c8-aaa2-11de-a891-001e33c95ec3}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f06e8859-bd59-11de-9c23-001e33c95ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f06e8859-bd59-11de-9c23-001e33c95ec3}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f06e8859-bd59-11de-9c23-001e33c95ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f06e8859-bd59-11de-9c23-001e33c95ec3}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f74cc34b-fb94-11de-a006-001e33c95ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f74cc34b-fb94-11de-a006-001e33c95ec3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f74cc34b-fb94-11de-a006-001e33c95ec3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f74cc34b-fb94-11de-a006-001e33c95ec3}\ not found.
File E:\LaunchU3.exe -a not found.
File/Folder C:\Users\patrick\Documents\*.tmp not found.
C:\Windows\Tasks\09-07-2011_162134.job moved successfully.
File/Folder C:\Users\patrick\Documents\*.tmp not found.
File C:\Windows\tasks\09-07-2011_162134.job not found.
File C:\Windows\loader2.exe_ok not found.
File C:\Windows\Tasks\09-07-2011_162134.job not found.
Mount Point not found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\system32\consrv.dll not found.
File\Folder C:\Windows\front_ip_list.txt not found.
File\Folder C:\Windows\iplist.txt not found.
File\Folder C:\Windows\proc_list1.log not found.
File\Folder C:\Windows\services32.exe not found.
File\Folder C:\Windows\update.1\svchost.exe not found.
File\Folder C:\Windows\Temp\6595492.exe not found.
File\Folder C:\Windows\Temp\9995171.exe not found.
File\Folder C:\Windows\update.1 not found.
File\Folder C:\windows\sysdriver32.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: patrick
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5413824 bytes
->Java cache emptied: 574745 bytes
->Google Chrome cache emptied: 51719190 bytes
->Flash cache emptied: 503 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: patrick
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.27.0 log created on 09072011_205800

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

THERE WAS NO LOG FOR TDSSKILLER, AS IT DID NOT FIND ANYTHING AT ALL.

#8
michaelg9

Posted 08 September 2011 - 03:36 AM

Trusted Helper

Malware Removal
2,949 posts

Hello,

1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Next:

Uninstall
Java 1.6.0
Click here to download the latest version of java

Next:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

:Services
RkHit.sys
RkHit

:Reg

:Files

:Commands
[purity]
[EMPTYFLASH]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again.
Under Extra Registry click Use Safelist
lick the Run Scan button. Post the two logs OTL.txt and Extras.txt it produces in your next reply.

Next:

How's the computer working? Are there any other problems?

#9
Snypa86

Posted 08 September 2011 - 08:52 AM

Member

Topic Starter
Member
58 posts

Hello Michael, for some reason Flash_Disinfector didnt run after being double clicked. I tried re-downloading the file 3 times and running it, but nothing happened. I uninstalled java and re-installed the new one you pointed to.

OTL

OTL logfile created on: 9/8/2011 10:40:31 AM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\patrick\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 67.11% Memory free
7.93 Gb Paging File | 6.58 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.58 Gb Total Space | 175.08 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
Drive E: | 14.93 Gb Total Space | 10.38 Gb Free Space | 69.47% Space Free | Partition Type: FAT32
Drive F: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.01% Space Free | Partition Type: FAT32

Computer Name: PATRICK-PC | User Name: patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 01:54:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
PRC - [2011/06/13 21:34:37 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/04/14 20:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/17 14:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 21:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/10/16 21:05:00 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 20:27:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/13 03:41:44 | 000,273,488 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/01/13 03:40:20 | 000,051,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/01/13 03:37:34 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/01/13 03:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/01/13 03:37:12 | 000,020,560 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/18 13:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/11 19:35:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/03 15:14:24 | 008,040,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/03/02 19:20:18 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/02/11 20:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/27 22:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/11/17 10:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/07/03 21:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2007/07/03 21:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 21:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 21:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2003/07/30 05:02:00 | 000,047,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\PxHelp64.sys -- (PxHelp64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/31 16:55:27 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/09/07 20:58:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25A69E9C-CD10-42B0-A99F-A0C2FBF785EC}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB0FBA6-6420-43BE-950B-BE7DDB297058}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\patrick\Pictures\2009-11-04 Mixed\Mixed 133.JPG
O24 - Desktop BackupWallPaper: C:\Users\patrick\Pictures\2009-11-04 Mixed\Mixed 133.JPG
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 10:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/08 10:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/08 10:13:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/08 10:13:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/08 10:13:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/08 10:13:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/08 10:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/09/08 10:01:45 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\patrick\Desktop\chromeinstall-6u27 (1).exe
[2011/09/07 22:38:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/07 20:58:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/07 20:58:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/07 20:57:01 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
[2011/09/07 20:54:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/07 20:54:17 | 000,000,000 | ---D | C] -- C:\Users\patrick\AppData\Local\temp
[2011/09/07 20:34:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/07 20:34:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/07 20:34:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/07 20:33:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/07 20:33:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/07 20:30:57 | 004,198,514 | R--- | C] (Swearware) -- C:\Users\patrick\Desktop\ComboFix.exe
[2011/09/07 20:30:52 | 000,000,000 | ---D | C] -- C:\Users\patrick\Desktop\tdsskiller
[2011/09/07 17:52:14 | 000,000,000 | ---D | C] -- C:\Users\patrick\Desktop\RK_Quarantine
[2011/09/07 16:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Cease 2011
[2011/09/06 23:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/06 23:59:37 | 000,273,488 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 23:59:37 | 000,020,560 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/06 23:59:36 | 000,029,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 23:59:35 | 000,062,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 23:59:35 | 000,051,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 23:59:24 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 23:59:23 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/18 03:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/08/18 02:58:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/18 02:58:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/18 02:58:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/18 02:58:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/18 02:58:34 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/18 02:58:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/18 02:58:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/18 02:58:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/18 02:58:33 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/18 01:08:59 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/18 01:08:58 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/18 01:08:48 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2011/09/08 10:25:13 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/08 10:25:13 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/08 10:25:13 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/08 10:17:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 10:17:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 10:17:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 10:17:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/08 10:17:20 | 4156,542,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 10:13:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/08 10:13:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/08 10:13:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/08 10:13:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/08 10:05:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 10:03:32 | 000,132,597 | ---- | M] () -- C:\Users\patrick\Desktop\Flash_Disinfector.exe
[2011/09/08 09:47:46 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\patrick\Desktop\chromeinstall-6u27 (1).exe
[2011/09/07 20:58:19 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/07 20:26:58 | 004,198,514 | R--- | M] (Swearware) -- C:\Users\patrick\Desktop\ComboFix.exe
[2011/09/07 16:36:46 | 000,001,460 | ---- | M] () -- C:\Users\patrick\AppData\Local\d3d9caps64.dat
[2011/09/07 15:40:28 | 454,037,992 | ---- | M] () -- C:\Users\patrick\Desktop\default registry.reg
[2011/09/07 02:10:28 | 000,418,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/07 01:54:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
[2011/09/07 00:12:25 | 000,000,121 | ---- | M] () -- C:\Windows\wininit.ini
[2011/09/06 23:59:38 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/06 23:59:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/05 12:05:38 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/18 02:31:31 | 952,948,500 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/09/08 10:01:45 | 000,132,597 | ---- | C] () -- C:\Users\patrick\Desktop\Flash_Disinfector.exe
[2011/09/07 20:34:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/07 20:34:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/07 20:34:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/07 20:34:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/07 20:34:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/07 19:35:24 | 4156,542,976 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/07 15:40:09 | 454,037,992 | ---- | C] () -- C:\Users\patrick\Desktop\default registry.reg
[2011/09/07 00:12:25 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/06 23:59:38 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/23 23:48:30 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/23 22:57:04 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/06/03 09:38:28 | 000,001,460 | ---- | C] () -- C:\Users\patrick\AppData\Local\d3d9caps64.dat
[2011/02/13 02:23:58 | 000,000,680 | ---- | C] () -- C:\Users\patrick\AppData\Local\d3d9caps.dat
[2010/08/05 13:40:14 | 000,004,096 | -H-- | C] () -- C:\Users\patrick\AppData\Local\keyfile3.drm
[2009/12/14 20:14:33 | 000,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2009/12/14 19:52:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/14 17:28:02 | 000,000,000 | ---- | C] () -- C:\Users\patrick\AppData\Roaming\wklnhst.dat
[2009/12/03 22:36:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 22:36:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 22:35:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/11 04:30:37 | 000,017,043 | ---- | C] () -- C:\Users\patrick\AppData\Roaming\UserTile.png
[2009/09/28 17:36:05 | 000,005,632 | ---- | C] () -- C:\Users\patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 16:25:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/08 03:28:20 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/06/16 20:23:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/05/03 03:00:45 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/05/03 03:00:45 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/05/03 03:00:45 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/05/03 03:00:44 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/05/03 03:00:44 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/05/03 03:00:44 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/05/03 01:26:27 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/03 15:12:44 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/03/03 15:12:44 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/03/03 15:12:42 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/07/31 10:09:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002/05/24 04:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\lockout.dll
[2002/05/24 04:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\lockres.dll

< End of report >

Extras

OTL Extras logfile created on: 9/8/2011 10:40:31 AM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\patrick\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 67.11% Memory free
7.93 Gb Paging File | 6.58 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.58 Gb Total Space | 175.08 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
Drive E: | 14.93 Gb Total Space | 10.38 Gb Free Space | 69.47% Space Free | Partition Type: FAT32
Drive F: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.01% Space Free | Partition Type: FAT32

Computer Name: PATRICK-PC | User Name: patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 10 D5 73 F6 0E 7D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 0
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAFBE67-B1AE-427F-A1AB-C531EEB51A59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{21E84BF4-1A24-418A-9B4B-0256FB292BE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51B4A93E-4BFE-463B-8EE5-196220C9366E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5BB50291-3E37-4ED2-829A-CB4476D16F85}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{725D338A-1234-416B-941D-893AA9AE570D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9C5F3002-DDF4-4BCC-9258-DBC7711B8A83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5BEAD13-9733-4230-AC3B-042BE6172B22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AD0AD78A-E05D-4281-8EB5-D8DF282BD759}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EA7B3351-89F9-468F-BF73-46703AADADDE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ED8AA23C-C4D2-4AAB-A3EF-23855D22E3EE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EEB61432-0963-42BA-BCB7-000BE326FCD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F09DAFCA-88AC-40F8-8D7D-92669D72CBE1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9A08180-E546-44BF-8470-5A648559DA55}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B84D57AE-68DB-44C2-B12C-9D707EB0BA00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CAB440B5-CDD4-4C1B-B668-843FFDE37E62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0A8E2C1-FAF4-4E6D-8C59-9F8E9D82766E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F65D2719-7531-4EF8-B507-A0604217D1FE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"TCP Query User{D4E15F2E-F59C-4833-A777-37652F504CC1}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{F7C7290F-2442-4856-87B8-F9DE3229E3C6}C:\users\patrick\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{82AB9BA1-FFA8-4AC7-B7D6-70362651C44B}C:\users\patrick\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{D314577E-F146-4092-9524-0D6627BA4367}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8912A802-1DD4-41F3-8450-B3209081BDB9}" = Sprint media manager
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Deluxe
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"avast5" = avast! Free Antivirus
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"PDF Viewer" = PDF Viewer 0.1
"RealPlayer 12.0" = RealPlayer
"TightVNC_is1" = TightVNC 1.3.10
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2011 10:47:02 AM | Computer Name = patrick-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 8/4/2011 10:47:11 AM | Computer Name = patrick-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 8/4/2011 11:09:14 AM | Computer Name = patrick-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 8/4/2011 11:18:54 AM | Computer Name = patrick-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 8/4/2011 11:24:34 AM | Computer Name = patrick-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 8/4/2011 11:34:22 AM | Computer Name = patrick-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 8/4/2011 11:37:06 AM | Computer Name = patrick-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/4/2011 11:49:10 AM | Computer Name = patrick-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/4/2011 12:02:36 PM | Computer Name = patrick-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/4/2011 2:12:36 PM | Computer Name = patrick-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 4/26/2010 3:01:07 AM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The
requested URL does not exist on the server. ) (2760.1114)

Error - 5/1/2010 10:35:15 AM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (8336.1128)

Error - 5/1/2010 10:35:15 AM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (8336.1129)

Error - 6/9/2010 11:27:32 AM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule (Error: The operation has timed
out) (4072.1114)

Error - 11/10/2010 8:25:43 PM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (1648.1128)

Error - 11/10/2010 8:25:43 PM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (1648.1129)

Error - 5/21/2011 4:08:35 AM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3076.1128)

Error - 5/21/2011 4:08:35 AM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3076.1129)

Error - 8/4/2011 10:44:20 AM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (2456.1128)

Error - 8/4/2011 10:44:20 AM | Computer Name = patrick-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (2456.1129)

[ System Events ]
Error - 9/7/2011 8:48:38 PM | Computer Name = patrick-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 9/7/2011 8:48:38 PM | Computer Name = patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 9/7/2011 8:59:52 PM | Computer Name = patrick-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\PxHelp64.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/7/2011 9:00:21 PM | Computer Name = patrick-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 9/7/2011 9:00:21 PM | Computer Name = patrick-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 9/8/2011 3:01:16 AM | Computer Name = patrick-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/8/2011 8:42:51 AM | Computer Name = patrick-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/8/2011 10:17:13 AM | Computer Name = patrick-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\PxHelp64.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/8/2011 10:17:43 AM | Computer Name = patrick-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 9/8/2011 10:17:46 AM | Computer Name = patrick-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

So far the computer feels slightly better. I now realize that the User Account Control starts working again like if i try to run a program or something. But what else should i be checking for to ensure that all is well?

Also some updates are waiting to be installed when i checked the shutdown button. I didnt want to change anything or do anything at all until you tell me to, so I will wait for your response as exactly what things i can start doing.

Edited by Snypa86, 08 September 2011 - 09:56 AM.

#10
michaelg9

Posted 08 September 2011 - 01:33 PM

Trusted Helper

Malware Removal
2,949 posts

Hello
Try to right click Flash Disinfector and select run as administrator.
If it doesn't work, download Panda USB Vaccine. You do need to give Panda a valid e-mail address, as they'll e-mail you the download link.

You must run the Panda USB Vaccine program before taking the USB stick out of the computer.
To do that, Select the drive letter that corresponds to your USB drive, then click the "Vaccinate USB" button.
If you wish, you can also "Vaccinate computer", but this will have the side effect of disallowing any autorun when you insert a CD, USB device, etc., meaning you'll have to start those things manually. If you're ok doing that, it's not a bad idea.

Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next:

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
Push the button.
Push

Next:

So far the computer feels slightly better. I now realize that the User Account Control starts working again like if i try to run a program or something. But what else should i be checking for to ensure that all is well?

You should check if there are any problems with the normal operation of the computer, like something not working or error messages etc. Tell me if you get any problems
Yes, you can install the windows updates

#11
Snypa86

Posted 08 September 2011 - 03:15 PM

Member

Topic Starter
Member
58 posts

MBAM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7673

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/8/2011 3:45:38 PM
mbam-log-2011-09-08 (15-45-38).txt

Scan type: Quick scan
Objects scanned: 188667
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET

C:\Program Files (x86)\Spyware Cease 2011\RkHitApi.dll a variant of Win32/Adware.SpywareCease.AA application
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Agent.AC trojan

I am going to restart and install updates now as well.

#12
michaelg9

Posted 08 September 2011 - 03:18 PM

Trusted Helper

Malware Removal
2,949 posts

Hello,

Nice, all looking good

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
C:\Program Files (x86)\Spyware Cease 2011
Then click the Run Fix button at the top

Next:

Tell me if there are any other problems and how's the computer working

#13
Snypa86

Posted 08 September 2011 - 03:36 PM

Member

Topic Starter
Member
58 posts

Thanx Michael. So should I re-enable avast and run a scan, and will it find anything at all? It is disabled at the moment by the way. I ran OTL and pasted the fix and that was also successful.Overall the computer seems stable. Do you think it is safe to use now? What else should i be doing to the computer in addition to checking for more windows update?

Seems like avast still has all the threats it found before I came here and you began helping me. Not sure what option i should take, if its to repair, move to chest, delete or do nothing. Another issue is that the windows update fail to download and install the updates, it keeps stopping for some reason. I have attached a screenshot.

Attached Thumbnails

Edited by Snypa86, 08 September 2011 - 04:18 PM.

#14
michaelg9

Posted 09 September 2011 - 07:11 AM

Trusted Helper

Malware Removal
2,949 posts

Hello,
Is this a scan you just run? Because this files were identified before and deleted, and then as I see from OTL and eset didn't re-appear.

Let's run another scan to make sure:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Next:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\windows\assembly\GAC_32\Desktop.ini
C:\windows\assembly\GAC_64\Desktop.ini
C:\windows\assembly\tmp\U\800000cf.@
C:\Windows\system32\consrv.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

If ComboFix asks you to update, click yes

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next:

Posted Image

OTL Custom Scan

Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Stadard output is selected.
Select Scan all users
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scans/Fixes box copy and paste this in:

C:\windows\assembly\*.
C:\windows\assembly\*.*
C:\windows\assembly\GAC_32\*.
C:\windows\assembly\GAC_32\*.*
C:\windows\assembly\GAC_64\*.
C:\windows\assembly\GAC_64\*.*
C:\windows\assembly\tmp\*.* /s
Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open OTL.Txt in Notepad window.
Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

#15
Snypa86

Posted 09 September 2011 - 09:14 AM

Member

Topic Starter
Member
58 posts

Yes those files were sitting there before I ever thought of contacting you, but seems like they were just saved and sitting there on that particular screen in avast.

aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-09 10:25:28
-----------------------------
10:25:28.104 OS Version: Windows x64 6.0.6002 Service Pack 2
10:25:28.104 Number of processors: 2 586 0x170A
10:25:28.104 ComputerName: PATRICK-PC UserName: patrick
10:25:30.179 Initialize success
10:25:30.912 AVAST engine defs: 11090900
10:25:54.141 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:25:54.141 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
10:25:54.219 Disk 0 MBR read successfully
10:25:54.234 Disk 0 MBR scan
10:25:54.234 Disk 0 Windows VISTA default MBR code
10:25:54.234 Service scanning
10:25:55.966 Modules scanning
10:25:55.966 Disk 0 trace - called modules:
10:25:56.028 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:25:56.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800682e790]
10:25:56.028 3 CLASSPNP.SYS[fffffa6000dd3c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c48050]
10:25:57.339 AVAST engine scan C:\Windows
10:26:00.708 AVAST engine scan C:\Windows\system32
10:27:13.981 AVAST engine scan C:\Windows\system32\drivers
10:27:22.530 AVAST engine scan C:\Users\patrick
10:31:16.390 AVAST engine scan C:\ProgramData
10:34:31.792 Scan finished successfully
10:37:35.045 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
10:37:35.076 The log file has been saved successfully to "F:\aswMBR.txt"

ComboFix

I dragged the file into combofix, it updated and began scanning.It did say "failed to get data for 'EnableLUA' after it started. Didnt see it do anything like a fix, but i let it do its thing anyway, below is the log.

ComboFix 11-09-09.03 - patrick 09/09/2011 10:45:37.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.2185 [GMT -4:00]
Running from: c:\users\patrick\Desktop\ComboFix.exe
Command switches used :: c:\users\patrick\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\assembly\tmp\U\800000cf.@"
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 14:55 . 2011-09-09 14:57 -------- d-----w- c:\users\patrick\AppData\Local\temp
2011-09-09 14:55 . 2011-09-09 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-08 22:13 . 2011-09-08 22:13 -------- d-----w- c:\windows\LastGood.Tmp
2011-09-08 19:47 . 2011-09-08 19:47 -------- d-----w- c:\program files (x86)\ESET
2011-09-08 19:40 . 2011-09-08 19:40 -------- d-----w- c:\programdata\Panda Security
2011-09-08 19:40 . 2011-09-08 19:40 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2011-09-08 14:14 . 2011-09-08 14:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-08 14:13 . 2011-09-08 14:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-08 14:13 . 2011-09-08 14:13 -------- d-----w- c:\program files (x86)\Java
2011-09-08 00:58 . 2011-09-08 00:58 -------- d-----w- C:\_OTL
2011-09-07 03:59 . 2011-01-13 07:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-07 03:59 . 2011-01-13 07:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-07 03:59 . 2011-01-13 07:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-07 03:59 . 2011-01-13 07:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-07 03:59 . 2011-01-13 07:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-07 03:59 . 2011-01-13 07:47 38848 ----a-w- c:\windows\avastSS.scr
2011-09-07 03:59 . 2011-01-13 07:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-31 17:09 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-31 17:09 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-18 07:11 . 2011-08-18 07:11 -------- d-----w- c:\program files\Alwil Software
2011-08-18 05:09 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-18 05:09 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-18 05:08 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-08-18 05:08 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-18 05:08 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-18 05:08 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 05:23 . 2011-08-04 05:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-04 05:23 . 2011-08-04 05:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-04 05:23 . 2011-08-04 05:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-04 05:23 . 2011-08-04 05:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-04 05:23 . 2011-08-04 05:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-04 05:23 . 2011-08-04 05:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-04 05:23 . 2011-08-04 05:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-04 05:23 . 2011-08-04 05:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-04 05:23 . 2011-08-04 05:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-04 05:23 . 2011-08-04 05:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-04 05:23 . 2011-08-04 05:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-04 05:23 . 2011-08-04 05:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-04 05:23 . 2011-08-04 05:23 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-04 05:23 . 2011-08-04 05:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-04 05:23 . 2011-08-04 05:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-04 05:23 . 2011-08-04 05:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-04 05:23 . 2011-08-04 05:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-04 05:23 . 2011-08-04 05:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-04 05:23 . 2011-08-04 05:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-04 05:23 . 2011-08-04 05:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-04 05:23 . 2011-08-04 05:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-04 05:23 . 2011-08-04 05:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-04 05:23 . 2011-08-04 05:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-04 05:23 . 2011-08-04 05:23 448512 ----a-w- c:\windows\system32\html.iec
2011-08-04 05:23 . 2011-08-04 05:23 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-04 05:23 . 2011-08-04 05:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-04 05:23 . 2011-08-04 05:23 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-04 05:23 . 2011-08-04 05:23 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-04 05:23 . 2011-08-04 05:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-04 05:23 . 2011-08-04 05:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-04 05:23 . 2011-08-04 05:23 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-04 05:23 . 2011-08-04 05:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-04 05:23 . 2011-08-04 05:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-04 05:23 . 2011-08-04 05:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-04 05:23 . 2011-08-04 05:23 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-04 05:23 . 2011-08-04 05:23 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-27 04:53 . 2011-07-24 02:57 246272 ----a-w- c:\windows\unrar.exe
2011-07-13 04:53 . 2011-08-03 23:55 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15B09B15-09A7-4798-8906-2E12C2896F82}\mpengine.dll
2011-07-06 23:52 . 2011-02-21 00:14 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-21 00:14 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 01:42 . 2011-05-26 15:06 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 01:34 . 2009-10-14 07:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-06-14 01:34 . 2009-01-08 07:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-08_00.48.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-09-08 00:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-09 14:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-09 14:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-08 00:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-08 00:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-09 14:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-09-09 14:58 73038 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-09-09 14:58 85832 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-08 07:29 . 2011-09-09 14:58 18088 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3484157149-2296695972-584191382-1000_UserData.bin
+ 2009-12-03 13:27 . 2009-12-03 13:27 74272 c:\windows\system32\RtNicProp64.dll
+ 2009-12-03 13:27 . 2009-12-03 13:27 74272 c:\windows\system32\DriverStore\FileRepository\netrtx64.inf_5681466c\RtNicProp64.dll
- 2009-09-08 07:26 . 2011-08-04 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-08 07:26 . 2011-09-08 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-08 07:26 . 2011-08-04 14:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-08 19:40 . 2011-09-08 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-08 07:26 . 2011-09-08 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-08 07:26 . 2011-08-04 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-08 20:05 . 2011-09-08 20:05 22016 c:\windows\Installer\13f5f7a.msi
+ 2006-11-02 12:40 . 2011-09-08 22:13 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-07-14 07:19 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2011-09-08 22:13 51200 c:\windows\inf\infpub.dat
- 2006-11-02 12:40 . 2011-07-14 07:19 51200 c:\windows\inf\infpub.dat
+ 2011-09-08 22:50 . 2011-09-08 22:50 42496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\357c754688a5756ac7fc4fc831ffbf03\System.Windows.Presentation.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\f7738bf2ff3dc492be82f64880dcfc4c\System.Web.ApplicationServices.ni.dll
+ 2011-09-08 22:54 . 2011-09-08 22:54 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\b25f69257705a10c95b7b3189e2fc390\System.Windows.Presentation.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\c43c3b0a5d254895dd63c46bad2f23c0\System.Web.ApplicationServices.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a1fdc3ccb352a4ad6ee0efa0eaee40fb\System.ServiceModel.Channels.ni.dll
+ 2009-10-23 21:33 . 2011-09-08 00:59 1580 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2011-09-09 14:56 . 2011-09-09 14:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-08 00:48 . 2011-09-08 00:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-09 14:56 . 2011-09-09 14:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-08 00:48 . 2011-09-08 00:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-08 14:13 . 2011-09-08 14:13 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-09-08 14:13 . 2011-09-08 14:13 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-09-08 14:13 . 2011-09-08 14:13 145184 c:\windows\SysWOW64\java.exe
+ 2010-01-05 20:39 . 2010-01-05 20:39 107552 c:\windows\system32\RTNUninst64.dll
- 2006-11-02 12:46 . 2011-09-08 00:31 607406 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-08 22:12 607406 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-09-08 00:31 105014 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-09-08 22:12 105014 c:\windows\system32\perfc009.dat
+ 2010-01-05 20:39 . 2010-01-05 20:39 107552 c:\windows\system32\DriverStore\FileRepository\netrtx64.inf_5681466c\RTNUninst64.dll
+ 2010-06-23 13:21 . 2010-06-23 13:21 318568 c:\windows\system32\DriverStore\FileRepository\netrtx64.inf_5681466c\Rtlh64.sys
+ 2010-06-23 13:21 . 2010-06-23 13:21 318568 c:\windows\system32\drivers\Rtlh64.sys
+ 2010-10-29 07:16 . 2011-09-09 14:55 391484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-29 07:16 . 2011-09-08 00:47 391484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-29 07:16 . 2011-09-08 21:44 780316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3484157149-2296695972-584191382-1000-8192.dat
+ 2011-09-08 21:21 . 2011-09-08 21:21 392252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3484157149-2296695972-584191382-1000-4096.dat
+ 2011-09-08 14:14 . 2011-09-08 14:14 203776 c:\windows\Installer\2d1b930.msi
+ 2011-09-08 14:13 . 2011-09-08 14:13 901120 c:\windows\Installer\2d1b92b.msi
- 2006-11-02 12:40 . 2011-07-14 07:19 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2011-09-08 22:13 143360 c:\windows\inf\infstrng.dat
+ 2011-09-08 22:50 . 2011-09-08 22:50 322048 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\6c332f5c8c795f7e5415d94bf1d68b0b\WindowsFormsIntegration.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\0b326be8df8a20d09e9eb8e827c7258c\UIAutomationClient.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 525824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\c767821a3004226d67edf155d5737083\System.Xml.Linq.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 254976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\a7fe785edf8113c49b5fa6adcb537408\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\0cad532e2fb59585cc790c3fe656e64f\System.Transactions.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 280576 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ee501cc4420ce53f2ded79b3ad798c90\System.ServiceProcess.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 107520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e3cbf844da8dbc1190d37abc30570e29\System.ServiceModel.Channels.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 507904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4b2c5b2baad543993991af8e6e347964\System.ServiceModel.Routing.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 939520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\bd4e7dba4c1d18de2bb92f050691f714\System.Security.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\3ae7f226fe2de56b8a1417d52ed51029\System.Runtime.Remoting.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 930304 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\41d449b0be8ff6b6dc9174313db88459\System.Net.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\f8aa02fc7b4467081e19e35a5601f518\System.Messaging.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\4fc188ed573c4a57a0287938986f6a1c\System.Management.Instrumentation.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\0cca1aa68edcb1f5ee92fc8aaa2c7d51\System.IO.Log.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\80d06aff25a9994a00f2976a1cb06733\System.IdentityModel.Selectors.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\df0ac9043e9b88bcafa5b378994d8365\System.EnterpriseServices.Wrapper.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 511488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\ce5254e2408f77d6a09d30508f8dd52a\System.Dynamic.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 628736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\6048f7c3071c23536b976d262c34fae1\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\80d5d1a7442173fc59c419b8d1c647ff\System.Device.ni.dll
+ 2011-09-08 22:48 . 2011-09-08 22:48 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\33038b29c486ff870f23a6b37e5b9d11\System.Data.DataSetExtensions.ni.dll
+ 2011-09-08 22:48 . 2011-09-08 22:48 181248 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\c509822f920d2613ab999e6148ab8099\System.Configuration.Install.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\e0dc7e5bc5e66268387e19c10727a030\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\55d507e7cc2017d6eed82527df1e910a\System.AddIn.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 553472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\0a65293a0732eaeb538fb5d9accafe92\System.Activities.DurableInstancing.ni.dll
+ 2011-09-08 22:43 . 2011-09-08 22:43 430080 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\7597686f1c999b6491518ff47508acdf\SMSvcHost.ni.exe
+ 2011-09-08 22:46 . 2011-09-08 22:46 184832 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\53d186939a3367ce3b37c84464370ca6\SMDiagnostics.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 387584 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eb1dae468677366538f99b623e7a7018\PresentationFramework.Royale.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 745984 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1e80fa78c14d8cac7feaa1d70ffb0a38\PresentationFramework.Luna.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\196d1a63ee35811bd9ce868bc70273a7\PresentationFramework.Classic.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 555520 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\039366972f5ad8f34025c5aed57c1929\PresentationFramework.Aero.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 421888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\cd5602c2be34ac18dcedad7409340a73\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\85e60ede22b298d7e5fcc17757f74ef1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-08 22:54 . 2011-09-08 22:54 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\6472eef5098d682d9fe1ba988f0e2a16\WindowsFormsIntegration.ni.dll
+ 2011-09-08 22:54 . 2011-09-08 22:54 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\30c40325e5863915a93fdbc61888017e\UIAutomationClient.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\21077827f11f2b5473a075c2cfe52869\System.Xml.Linq.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\fd14fbfb1b15903bf9fb8b712e497117\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\35088dcea3449dd518738b606bd9a150\System.Transactions.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e5e480c7ee8c4e0e0a08bb9d809da311\System.ServiceProcess.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e6c0820211b8ef81c6273f1e2159662b\System.ServiceModel.Routing.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\f0273f74592371ee808687bbe3b47c96\System.Security.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\d1da56a093b968d79f7ab3fb10a9b9ca\System.Runtime.Remoting.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\6a64161b2b9795a2db7404b1c4594a1f\System.Net.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\db4a2bdca79d189d8d4a5beaf5798eff\System.Messaging.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\da1301f9af8b84875439449d68ed6488\System.Management.Instrumentation.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\cf5e78d682f36ee0cf243c9c0086d9c4\System.IO.Log.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\2322a873c1b039804c0606c71852d192\System.IdentityModel.Selectors.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\535974de0ac28f073025a0d2cfae1568\System.EnterpriseServices.Wrapper.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\535974de0ac28f073025a0d2cfae1568\System.EnterpriseServices.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\e208a029639dec267bb888366feba173\System.Dynamic.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\0c37a3bc52d0a8fb2343f912da4a49a6\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\062b6ae9f82eb189eb383c26d0a40996\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\d325ed56b35d4745619121ae9293bf07\System.Device.ni.dll
+ 2011-09-08 22:52 . 2011-09-08 22:52 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\544584967fdc7025f6a4506696110493\System.Data.DataSetExtensions.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\adeec723413d77446d6606813c050048\System.Configuration.ni.dll
+ 2011-09-08 22:52 . 2011-09-08 22:52 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\acd1a7754df6d47b53df162dfe63de92\System.Configuration.Install.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\17aff9c2c94f82753e669acc12631cfb\System.ComponentModel.Composition.ni.dll
+ 2011-09-08 22:52 . 2011-09-08 22:52 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\0f2c28024362223e2f9d3666bacdae54\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-08 22:52 . 2011-09-08 22:52 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\9c18864a019ded007f212239f6b5a37a\System.AddIn.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\736a509c3674fdfd018ae4530d12397a\System.Activities.DurableInstancing.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\227ebd4817d958e0ccb2234fd8dfc9ce\SMSvcHost.ni.exe
+ 2011-09-08 22:51 . 2011-09-08 22:51 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\04375632f6906bd95e87c5d85b31e2a6\SMDiagnostics.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b2449fe3db220f6110d76287246caaf6\PresentationFramework.Luna.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\814807b505a3f318fbd225ac41897a3f\PresentationFramework.Royale.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63a4e0d2a3a83df23a2d120127e9312f\PresentationFramework.Classic.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\404f0d161b7bfc2c1ef9a4b47c37bfa8\PresentationFramework.Aero.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\852401258217bcde129d29d7c15d0162\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\982b28a3e0a3f8818f893a3331d9f0bd\Microsoft.Transactions.Bridge.Dtc.ni.dll
- 2009-06-16 23:52 . 2011-09-08 00:47 2309048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-06-16 23:52 . 2011-09-09 14:55 2309048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-04 15:35 . 2011-09-07 18:48 1587092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3484157149-2296695972-584191382-1000-12288.dat
+ 2011-08-04 15:35 . 2011-09-08 21:21 1587092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3484157149-2296695972-584191382-1000-12288.dat
+ 2011-04-28 12:48 . 2011-04-28 12:48 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
- 2011-03-23 02:01 . 2011-03-23 02:01 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-04-28 12:48 . 2011-04-28 12:48 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-03-23 02:01 . 2011-03-23 02:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-04-28 13:57 . 2011-04-28 13:57 2721280 c:\windows\Installer\9fa7b.msp
+ 2011-09-08 22:44 . 2011-09-08 22:44 5176320 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\5202133e255ce05947b8afe895e3f76f\WindowsBase.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\a9bf6deb79fd9d2b2541a950ab75a70f\UIAutomationClientsideProviders.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 7038976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\1ac4e05bc3b2813ddadb59ba9f0fd961\System.Xml.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 2447360 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\37ecfcc3de7bdc36ba1c3dfb7ee6a6d5\System.Xaml.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 5627392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\66beb5e0938298c2812c188925644c94\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 2222592 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\3b31367a53da33699ed7f053f1157593\System.Web.Services.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 2733568 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\23e8fddabb602c3efb1e0a66f37fab2f\System.Speech.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 1561600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\713b393e8d7075bd1a3683f9e6f6b268\System.ServiceModel.Discovery.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 1904640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\49d303c42b9b694447a3ba6e2a1548cf\System.ServiceModel.Activities.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 3404288 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\6c1acbeb3e61475007b5d20745cad8e8\System.Runtime.Serialization.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 1346560 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\12d17462d5e3ba196e299bb0f1f0b20d\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 1422336 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\ed79f8685b97f5520a3169860c8df9f8\System.Printing.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\58696f56812c7ea9dc5fde8baa3a4b2a\System.Management.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\ad8f2f562edccb394180c80e54ddfb21\System.IdentityModel.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 1096704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\df0ac9043e9b88bcafa5b378994d8365\System.EnterpriseServices.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\058e1143c689861be149cf7c1fcf597a\System.Drawing.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\eb5e94ddc12db438063a90394e46f070\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 1622016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\0cf67c3a77fd159d0af43d16663b1a65\System.DirectoryServices.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 2400256 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\39ccef129f4a96c17b6406678d53c87b\System.Deployment.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 8580608 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\fc45ad58e3a025051ededa0efbae404f\System.Data.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\ed5027c747ed64957ac313befd47e345\System.Data.SqlXml.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 1791488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\c6f24f3171576104e80b12c4f4254ed2\System.Data.Services.Client.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 3380736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\5f31190f3c1a0ec0518782618b804517\System.Data.Linq.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 1255424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\fcf22c02eb60f8d045daa4386bb604f3\System.Configuration.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 1002496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\6f848e806caa9545c09866dd0950d853\System.ComponentModel.Composition.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 5680640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\c073f492e366b50d599e8f1447579946\System.Activities.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 4887040 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\6f2faf3f19358776373922b510603a8f\System.Activities.Presentation.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 2005504 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\9a2609f428f731670b3a730cb3f88dd4\System.Activities.Core.Presentation.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 4127232 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\dbe098606014df542c37b96962fd8717\ReachFramework.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 2032128 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\00416e9efbc68509f113692996b45e75\PresentationUI.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 2314752 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\d83a6fc3a6bd96beaa9845201290f292\Microsoft.VisualBasic.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\c386ff5a7c5bfa6b1dfdc6f53119b3a6\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\36347f2a750bf1af184da9b6783a376c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 1510400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\e174701b531de21d8a96ea8ea5975000\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-08 22:49 . 2011-09-08 22:49 3312128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\9f986e23b6ecb48281324d51fdb6e799\Microsoft.JScript.ni.dll
+ 2011-09-08 22:44 . 2011-09-08 22:44 2009088 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\5046c55b7feb9c9156d18fe1d4735480\Microsoft.CSharp.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\34f85cc53f8487a29fcaf90c9efd93b2\WindowsBase.ni.dll
+ 2011-09-08 22:54 . 2011-09-08 22:54 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\7589c9739d52787b05c68a143d20dcee\UIAutomationClientsideProviders.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 9085952 c:\windows\assembly\NativeImages_v4.0.30319_32\System\b13a0678a604588bfb6a4ebfadc32cb0\System.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bbcb0d5e67db5452b3ba77fd71ea182d\System.Xml.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3aa498d229252ab540482ccecaab8f85\System.Xaml.ni.dll
+ 2011-09-08 22:54 . 2011-09-08 22:54 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\4742ebf18e4d1f9f6a464afb3f2e884d\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\374d8a7604c668bf76fbf3ba05e61f35\System.Web.Services.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\36b38adc49360fcc35892ab7fb15c9d8\System.Speech.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e2abacbaf2e4786339eba541d3d5596c\System.ServiceModel.Discovery.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0f9b303dde68998490e8b5be32c6147a\System.ServiceModel.Activities.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\020ccbaa78022e92722e98d1c677bfed\System.Runtime.Serialization.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\65c22515c57fbe4a3c3a6382986d7192\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\16fb985d0651d7c5d25aa06de7921eee\System.Printing.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\2c94c3a30c2464d14c3edb1ef5ad9c18\System.Management.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\0d26f913a3620a32aac1bf34e380ede0\System.IdentityModel.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c3b1fb3982b305452a4c7c8cdcb1934\System.Drawing.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9e98b2fb9d6c6bfd22331a3612e1ae77\System.DirectoryServices.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\738bd15095d25b3df67f7574274e3480\System.Deployment.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\a2191137e48d026aafbd8395d767afa1\System.Data.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\921f450dafcc9c118240bdc111f85c7b\System.Data.SqlXml.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\392366875f6c71fdd16e1db79062ebb1\System.Data.Services.Client.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\12d1f89d64401ab14f15e3e5e4ddf966\System.Data.Linq.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2adac0cd51859321437cc684331a3b45\System.Core.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\9bbcd5e6d245a8b7799b5425b2b2b302\System.Activities.ni.dll
+ 2011-09-08 22:52 . 2011-09-08 22:52 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\276bef59e43e2fa5b005d47b1a898d80\System.Activities.Presentation.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\2899fc096074503091d61f6744c11845\System.Activities.Core.Presentation.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\56e13dd851c3818cad1ae86777baedda\ReachFramework.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\5e48f32fa425c2e822776c54d4a98093\PresentationUI.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a75299879ae349d917320df0d68e6e2b\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5753643b5768a762ff52c1a3e86437a8\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\3a35d8c95c2a851e1175cc02d3ad3e50\Microsoft.VisualBasic.ni.dll
+ 2011-09-08 22:51 . 2011-09-08 22:51 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ba6e30d4928b782b24606e333d72e9bd\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\6fb9478d3774d431ccd29f7524446f18\Microsoft.JScript.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\7c28712cdf88f58930538dcc2f342a78\Microsoft.CSharp.ni.dll
+ 2006-11-02 12:33 . 2011-09-08 21:21 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-09-01 19:33 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-09-08 21:37 . 2011-09-08 21:37 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\e033094f5df23aa619519b537eb14448\System.ni.dll
+ 2011-09-08 22:47 . 2011-09-08 22:47 17288192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e0091eb98fa841649b6fad17bb0e7262\System.Windows.Forms.ni.dll
+ 2011-09-08 22:50 . 2011-09-08 22:50 24483840 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\a73197785f07721fd89b02713b6f0b86\System.ServiceModel.ni.dll
+ 2011-09-08 22:48 . 2011-09-08 22:48 18434048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\fe4d47d9ba672ae77c737bb7ad518324\System.Data.Entity.ni.dll
+ 2011-09-08 22:43 . 2011-09-08 22:43 10422272 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\4ef06cf2c3950f4d4b9037b841c05914\System.Core.ni.dll
+ 2011-09-08 22:46 . 2011-09-08 22:46 23242240 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\9b38883339d48793df2b27d247e73971\PresentationFramework.ni.dll
+ 2011-09-08 22:45 . 2011-09-08 22:45 15102976 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\7b4a4ec0cae68a2c165b0a73be99105d\PresentationCore.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f72ff4e603cc8879eb7b18841bfa9c0c\System.Windows.Forms.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\af95bce9a5fcfe3119fc175cc9b0b3d5\System.ServiceModel.ni.dll
+ 2011-09-08 22:53 . 2011-09-08 22:53 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\ce6c51d21159048033141cfc37c74aa2\System.Data.Entity.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1be95cb0b36c0cc1a0b13d20387e0bcc\PresentationFramework.ni.dll
+ 2011-09-08 21:38 . 2011-09-08 21:38 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\957a34ba01f489cf306bd9aeffcbf67b\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2011-06-14 273544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca4a03d9039b50;Google Update Service (gupdate1ca4a03d9039b50);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-10 133104]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-10 133104]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-07 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 251392]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-10 23:46]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-10 23:46]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
.
**************************************************************************
.
Completion time: 2011-09-09 11:03:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 15:03
ComboFix2.txt 2011-09-08 00:54
.
Pre-Run: 190,479,319,040 bytes free
Post-Run: 190,674,128,896 bytes free
.
- - End Of File - - E801A0D054EF785F03981AE3BD5DB652

OTL

When we use OTL and we paste a fix, will pressing scan alone do a scan and also do the fix that was pasted? I pasted the stuff you told me to, and hit scan, but I'm not sure if it did anything with the "fix" that we pasted. Anyways, the log is below of when the scan was done.

OTL logfile created on: 9/9/2011 11:05:55 AM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\patrick\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 60.90% Memory free
7.92 Gb Paging File | 6.36 Gb Available in Paging File | 80.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.58 Gb Total Space | 177.62 Gb Free Space | 61.98% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.80 Gb Free Space | 96.52% Space Free | Partition Type: FAT32

Computer Name: PATRICK-PC | User Name: patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 01:54:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
PRC - [2011/06/13 21:34:37 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/04/14 20:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/17 14:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 21:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/10/16 21:05:00 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 20:27:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/13 03:41:44 | 000,273,488 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/01/13 03:40:20 | 000,051,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/01/13 03:37:34 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/01/13 03:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/01/13 03:37:12 | 000,020,560 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/18 13:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/11 19:35:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/03 15:14:24 | 008,040,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/03/02 19:20:18 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/02/11 20:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/27 22:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/11/17 10:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/07/03 21:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2007/07/03 21:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 21:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 21:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2003/07/30 05:02:00 | 000,047,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\PxHelp64.sys -- (PxHelp64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/31 16:55:27 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/09/09 10:57:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3484157149-2296695972-584191382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25A69E9C-CD10-42B0-A99F-A0C2FBF785EC}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\patrick\Pictures\2009-11-04 Mixed\Mixed 133.JPG
O24 - Desktop BackupWallPaper: C:\Users\patrick\Pictures\2009-11-04 Mixed\Mixed 133.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/08 15:41:14 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 11:03:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/09 11:03:27 | 000,000,000 | ---D | C] -- C:\Users\patrick\AppData\Local\temp
[2011/09/09 11:02:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/08 15:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/09/08 15:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/09/08 15:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/09/08 15:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2011/09/08 10:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/08 10:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/08 10:13:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/08 10:13:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/08 10:13:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/08 10:13:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/08 10:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/09/07 20:58:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/07 20:57:01 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
[2011/09/07 20:34:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/07 20:34:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/07 20:34:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/07 20:33:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/07 20:33:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/07 20:30:57 | 004,201,032 | R--- | C] (Swearware) -- C:\Users\patrick\Desktop\ComboFix.exe
[2011/09/07 20:30:52 | 000,000,000 | ---D | C] -- C:\Users\patrick\Desktop\tdsskiller
[2011/09/07 17:52:14 | 000,000,000 | ---D | C] -- C:\Users\patrick\Desktop\RK_Quarantine
[2011/09/06 23:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/06 23:59:37 | 000,273,488 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 23:59:37 | 000,020,560 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/06 23:59:36 | 000,029,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 23:59:35 | 000,062,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 23:59:35 | 000,051,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 23:59:24 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 23:59:23 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/18 03:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/08/18 02:58:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/18 02:58:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/18 02:58:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/18 02:58:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/18 02:58:34 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/18 02:58:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/18 02:58:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/18 02:58:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/18 02:58:33 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/18 01:08:59 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/18 01:08:58 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/18 01:08:48 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2011/09/09 11:03:05 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/09 11:03:05 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/09 11:03:05 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/09 10:57:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/09 10:57:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/09 10:56:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 10:56:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 10:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/09 10:56:36 | 4156,542,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/09 10:42:50 | 004,201,032 | R--- | M] (Swearware) -- C:\Users\patrick\Desktop\ComboFix.exe
[2011/09/09 10:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 10:13:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/08 10:13:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/08 10:13:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/08 10:13:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/07 16:36:46 | 000,001,460 | ---- | M] () -- C:\Users\patrick\AppData\Local\d3d9caps64.dat
[2011/09/07 02:10:28 | 000,418,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/07 01:54:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\patrick\Desktop\OTL.exe
[2011/09/07 00:12:25 | 000,000,121 | ---- | M] () -- C:\Windows\wininit.ini
[2011/09/06 23:59:38 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/06 23:59:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/05 12:05:38 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/18 02:31:31 | 952,948,500 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/09/07 20:34:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/07 20:34:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/07 20:34:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/07 20:34:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/07 20:34:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/07 19:35:24 | 4156,542,976 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/07 00:12:25 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/06 23:59:38 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/23 23:48:30 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/23 22:57:04 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/06/03 09:38:28 | 000,001,460 | ---- | C] () -- C:\Users\patrick\AppData\Local\d3d9caps64.dat
[2011/02/13 02:23:58 | 000,000,680 | ---- | C] () -- C:\Users\patrick\AppData\Local\d3d9caps.dat
[2010/08/05 13:40:14 | 000,004,096 | -H-- | C] () -- C:\Users\patrick\AppData\Local\keyfile3.drm
[2009/12/14 20:14:33 | 000,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2009/12/14 19:52:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/14 17:28:02 | 000,000,000 | ---- | C] () -- C:\Users\patrick\AppData\Roaming\wklnhst.dat
[2009/12/03 22:36:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 22:36:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 22:35:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/11 04:30:37 | 000,017,043 | ---- | C] () -- C:\Users\patrick\AppData\Roaming\UserTile.png
[2009/09/28 17:36:05 | 000,005,632 | ---- | C] () -- C:\Users\patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 16:25:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/08 03:28:20 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/06/16 20:23:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/05/03 03:00:45 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/05/03 03:00:45 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/05/03 03:00:45 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/05/03 03:00:44 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/05/03 03:00:44 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/05/03 03:00:44 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/05/03 01:26:27 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/03 15:12:44 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/03/03 15:12:44 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/03/03 15:12:42 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/07/31 10:09:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002/05/24 04:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\lockout.dll
[2002/05/24 04:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\lockres.dll

========== LOP Check ==========

[2011/01/20 04:18:48 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\CometPlayer
[2010/08/04 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\iWin
[2009/09/13 04:28:22 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Leadertech
[2011/08/05 20:18:51 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\mjusbsp
[2010/10/12 21:43:23 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\PDF Viewer
[2009/12/14 20:24:57 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Smith Micro
[2011/03/25 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TeamViewer
[2009/12/14 17:28:05 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\Template
[2010/12/27 22:38:15 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TigerPlayer
[2009/09/08 03:56:47 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\TOSHIBA
[2009/09/09 05:14:35 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\WildTangent
[2009/09/08 03:27:56 | 000,000,000 | ---D | M] -- C:\Users\patrick\AppData\Roaming\WinBatch
[2011/09/09 10:55:43 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< C:\windows\assembly\*. >
[2011/08/05 20:18:43 | 000,000,000 | ---D | M] -- C:\windows\assembly\GAC
[2011/09/09 10:54:58 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32
[2011/09/09 10:54:58 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64
[2011/08/05 20:19:11 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_MSIL
[2011/08/31 13:17:20 | 000,000,000 | ---D | M] -- C:\windows\assembly\NativeImages_v2.0.50727_32
[2011/08/31 13:13:20 | 000,000,000 | ---D | M] -- C:\windows\assembly\NativeImages_v2.0.50727_64
[2011/09/08 18:54:05 | 000,000,000 | ---D | M] -- C:\windows\assembly\NativeImages_v4.0.30319_32
[2011/09/08 18:50:50 | 000,000,000 | ---D | M] -- C:\windows\assembly\NativeImages_v4.0.30319_64
[2011/09/08 17:37:01 | 000,000,000 | ---D | M] -- C:\windows\assembly\temp
[2011/09/08 17:37:01 | 000,000,000 | ---D | M] -- C:\windows\assembly\tmp

< C:\windows\assembly\*.* >
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2009/12/14 19:24:52 | 000,000,000 | RH-- | M] () -- C:\windows\assembly\PublisherPolicy.tme
[2009/09/15 23:48:42 | 000,000,000 | RH-- | M] () -- C:\windows\assembly\pubpol14.dat
[2009/12/14 19:24:52 | 000,000,000 | RH-- | M] () -- C:\windows\assembly\pubpol27.dat

< C:\windows\assembly\GAC_32\*. >
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\CustomMarshalers
[2011/08/05 20:17:36 | 000,000,000 | ---D | M] -- C:\windows\assembly\GAC_32\ehexthost32
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\ISymWrapper
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\Microsoft.Ink
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\mscorlib
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\napcrypt
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\naphlpr
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\PresentationCore
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\System.Data
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\System.Data.OracleClient
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\System.EnterpriseServices
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\System.Printing
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\System.Transactions
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_32\System.Web

< C:\windows\assembly\GAC_32\*.* >
File not found -- C:\windows\assembly\GAC_32\

< C:\windows\assembly\GAC_64\*. >
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\BDATunePIA
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\CustomMarshalers
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\ISymWrapper
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\mcstoredb
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\mcupdate
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\Mcx2Dvcs
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\Microsoft.Ink
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles
[2011/08/05 20:17:36 | 000,000,000 | ---D | M] -- C:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop
[2011/08/05 20:17:36 | 000,000,000 | ---D | M] -- C:\windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media
[2011/08/05 20:17:36 | 000,000,000 | ---D | M] -- C:\windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\mscorlib
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\napcrypt
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\naphlpr
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\Policy.1.0.Microsoft.Ink
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\Policy.1.7.Microsoft.Ink
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\PresentationCore
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\System.Data
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\System.Data.OracleClient
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\System.EnterpriseServices
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\System.Printing
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\System.Transactions
[2011/08/05 20:17:36 | 000,000,000 | R--D | M] -- C:\windows\assembly\GAC_64\System.Web

< C:\windows\assembly\GAC_64\*.* >
File not found -- C:\windows\assembly\GAC_64\

< C:\windows\assembly\tmp\*.* /s >
[2011/09/07 15:34:07 | 000,002,144 | -HS- | M] () -- C:\windows\assembly\tmp\click.tlb
[2011/09/07 17:52:10 | 000,002,540 | -HS- | M] () -- C:\windows\assembly\tmp\loader.tlb
[2011/07/23 23:09:51 | 000,002,048 | ---- | M] () -- C:\windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
[2011/07/23 23:10:57 | 000,002,560 | ---- | M] () -- C:\windows\assembly\tmp\U\000000c0.@
[2011/07/23 23:10:57 | 000,002,048 | ---- | M] () -- C:\windows\assembly\tmp\U\000000cb.@
[2011/08/14 23:00:25 | 000,001,536 | ---- | M] () -- C:\windows\assembly\tmp\U\000000cf.@
[2011/07/23 23:10:57 | 000,017,920 | ---- | M] () -- C:\windows\assembly\tmp\U\80000000.@
[2011/09/07 19:36:39 | 000,070,144 | ---- | M] () -- C:\windows\assembly\tmp\U\800000c0.@
[2011/09/07 15:30:07 | 000,027,136 | ---- | M] () -- C:\windows\assembly\tmp\U\800000cb.@
[2011/09/07 20:24:40 | 000,000,000 | ---- | M] () -- C:\windows\assembly\tmp\U\800000cf.$

< End of report >