TR/DNSchanger.vj.2 is found by Antivir and is persistent



#1
Eduardotrojan

Hi!

I get a notice that the above-titled malware is found and that Windows Defender is now deactivated, and the machine will not let me activate it again. I have Malwarebytes and it did not fix the problem, nor does Antivir Luke Skywalker. Any help would be much appreciated. I downloaded OTL and have performed a scan. Also, the error message seems to only pop up when I open my Windows Live Mail or instant messenger.

OTL post is below:

OTL logfile created on: 9/29/2011 3:10:25 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Eddie\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 63.44% Memory free
8.09 Gb Paging File | 6.42 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 157.66 Gb Free Space | 55.63% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.75 Gb Free Space | 52.90% Space Free | Partition Type: NTFS

Computer Name: EDDIES-DELL | User Name: Eddie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Downloads\OTL.exe
PRC - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/02 17:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/03/07 15:16:26 | 001,934,600 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2009/03/07 15:16:26 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/20 22:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/03/07 15:17:04 | 000,088,840 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2009/03/07 15:16:30 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2009/03/07 15:15:28 | 000,234,248 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/20 04:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/20 04:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV:64bit: - [2007/10/05 13:31:08 | 001,044,720 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldocoms.exe -- (dldo_device)
SRV - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/06/18 12:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dldocoms.exe -- (dldo_device)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/30 18:37:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 18:37:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/21 15:40:06 | 000,103,272 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/20 04:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/02/11 09:47:50 | 000,185,864 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mausbft.sys -- (MAUSBFT)
DRV:64bit: - [2009/02/10 05:40:28 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/02/10 05:40:26 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/26 03:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/26 02:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 11:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/08 05:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/09/16 05:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/16 05:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/16 05:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.1.119
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eddie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 16:01:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/28 08:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/28 08:59:17 | 000,000,000 | ---D | M]

[2009/06/27 19:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Extensions
[2009/06/27 19:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/09/28 22:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions
[2011/05/13 16:48:27 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/06/22 12:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/22 12:44:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/28 08:59:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/21 17:27:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/03 13:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/11/18 00:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/28 08:59:14 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2011/09/28 08:59:14 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007/04/30 17:29:22 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 08:59:15 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
[2011/06/07 12:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/08/29 16:11:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/08/29 16:11:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/08/29 16:11:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/08/29 16:11:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/08/29 16:11:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/08/29 16:11:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/08/29 16:11:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2010/12/03 13:36:32 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2010/12/03 13:36:32 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2010/12/03 13:36:32 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2010/12/03 13:36:32 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2010/12/03 13:36:32 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2010/12/03 13:36:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2010/12/03 13:36:32 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2269212704-1472434456-3381114442-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4256B9A-C8A6-44DB-8C18-7B71AE3A41C0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Dell 968 AIO Printer - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: DigidesignMMERefresh - hkey= - key= - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
MsConfig:64bit - StartUpReg: dldomon.exe - hkey= - key= - C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe ()
MsConfig:64bit - StartUpReg: FATrayAlert - hkey= - key= - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MemoryCardManager - hkey= - key= - C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe ()
MsConfig:64bit - StartUpReg: NoteBurner - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2011/09/29 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{867D776B-21DA-40CB-873A-0E30A63FD83A}
[2011/09/29 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D1E16AAF-0113-42C6-9E39-F38BE967FA77}
[2011/09/28 23:28:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/09/28 22:58:31 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/28 22:56:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\temp
[2011/09/28 22:37:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/28 17:57:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/28 17:57:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 17:57:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 17:57:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 17:57:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Malwarebytes
[2011/09/28 15:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 15:32:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 15:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/28 13:51:42 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/28 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/28 10:45:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{59037DF7-88F6-4DE3-9910-1E413497085C}
[2011/09/28 10:44:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C7DECBEA-FA01-409D-B3D7-33E8BF2A755E}
[2011/09/27 22:23:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4D8AB078-DF0B-442C-A517-6433D4602583}
[2011/09/27 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{92EC7465-CCDF-42FF-922C-13A766BF0CCA}
[2011/09/27 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DB4C806F-32CE-4569-AA84-EE2981D87F45}
[2011/09/27 19:04:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4D6C8DF3-DA16-4222-AFF0-F7345A9417FC}
[2011/09/26 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C27E97BA-E07A-4920-A0E9-9F3143232148}
[2011/09/26 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D0E84954-175B-4800-B9B5-60FCC3835BB8}
[2011/09/26 19:21:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{CC658B85-D18B-47A1-A5B3-78B06860DED1}
[2011/09/25 11:18:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9851104D-EB88-4FE6-9C7F-831340CCBFD0}
[2011/09/24 14:26:55 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A8765A34-E574-4DCF-856D-25A830F3D6D0}
[2011/09/24 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{91B40AD4-A3AA-415B-A3F5-2B4E120E2C74}
[2011/09/23 13:22:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6B168EB2-001D-4F48-8724-8E8A36EE7CB2}
[2011/09/23 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{21D8F1BE-E83E-42D2-AB4E-E99DDEB49BCD}
[2011/09/22 23:42:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9B339570-F9A5-41FE-8936-C7EF02828C52}
[2011/09/22 23:41:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7938C6AD-3EA5-47EA-A07F-AACE8562344F}
[2011/09/22 11:01:27 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B0FA220E-D2AF-4847-BCB0-215D617C082A}
[2011/09/22 11:01:16 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{34E7E47C-D17E-404C-888E-BA7665315A05}
[2011/09/21 23:00:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{63388E45-B2EE-4909-93FC-8A9B8F5F0A64}
[2011/09/21 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{581F50DF-E9C7-43F7-8690-93F850F5075F}
[2011/09/21 13:05:51 | 000,000,000 | -HSD | C] -- C:\Users\Eddie\AppData\Roaming\888C743A
[2011/09/21 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B6601F8F-E1E5-407D-B729-A9749BC5526F}
[2011/09/21 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7DFE8EF3-7864-4038-A3E0-BEE4D4777920}
[2011/09/21 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{63DDFE95-C8C6-43B5-A5F7-AA07F8B455FE}
[2011/09/21 09:43:12 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EA553DF5-E4C6-4A35-A138-4A711A4B8FBB}
[2011/09/20 09:46:29 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{33B0A467-E9D0-45AF-9157-E11EBAEA5426}
[2011/09/20 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C50581AF-F9AA-4988-AAB4-2C5AA1D91374}
[2011/09/19 21:27:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AB6FFCEB-04CE-41E6-85D0-2ED91E4C4C0E}
[2011/09/19 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3A2BF5F6-0FEA-475E-97D3-92247F96F86D}
[2011/09/19 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EAF75024-EE23-43D2-9610-D6207DF1EF64}
[2011/09/19 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B3FDF80C-9874-4EE0-AA08-3C34E9D78D89}
[2011/09/18 16:50:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{35DE1D38-B1C1-409C-9829-CAA6706C1B33}
[2011/09/18 10:28:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E5710D4F-0660-4811-9901-AD16E08F773F}
[2011/09/17 00:28:36 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C78A7E11-56C5-4072-AFAD-A7E9D059508C}
[2011/09/17 00:28:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{831D6599-7548-4405-A96C-B0A826A6290C}
[2011/09/16 12:13:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FAFAEF2B-49E6-431B-AF7C-85E10C67365C}
[2011/09/16 12:13:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FFB1B29E-2B3B-43E5-9609-BA41DAD2FAB0}
[2011/09/15 22:02:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1C8A0A77-B3AA-44EC-8B74-B40C896BA008}
[2011/09/15 22:01:51 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AC122C08-F3B4-42B1-8DAD-9CD54E0261A7}
[2011/09/15 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2F6F223C-1CBA-49D2-9168-A5BDF433ADE9}
[2011/09/15 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{09C3399C-5C76-4C98-8EC3-DA3647A43633}
[2011/09/14 22:22:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{944EAD6C-F46C-4E0D-93FB-5FEAD9C42F9E}
[2011/09/14 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0281EB9F-267D-4084-8A5A-DD6DBFD6A57C}
[2011/09/14 10:02:18 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{644F67FB-EFC8-4325-BA26-2A160DD90420}
[2011/09/13 19:05:00 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C097E518-15BA-457D-B864-4AF53CAF3F06}
[2011/09/13 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C56F39FA-DECC-4E3D-9666-EED91744D005}
[2011/09/13 19:04:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{085C5AFA-2C48-493B-A74C-3A1389C03868}
[2011/09/13 15:55:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1B29EDC5-D4E1-4E67-8DBC-6F0527802F82}
[2011/09/13 13:10:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6B674FD9-5261-47F7-8047-52F05EA0957A}
[2011/09/13 13:09:52 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1E0A09B6-C89A-4308-9B15-2551341754AA}
[2011/09/12 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3C94ED53-5A93-4255-8D0D-EEC986C5CCBF}
[2011/09/12 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E49B4366-993E-4828-81E2-470997BA8527}
[2011/09/11 12:29:07 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FDC239D5-A29F-4668-813F-DC9C95F211BA}
[2011/09/11 12:28:56 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A2ABF1F1-8733-4A47-9055-E873119718BE}
[2011/09/10 14:23:49 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{22CEB281-771E-4C2F-9D78-DCD312A6AC7E}
[2011/09/10 14:23:38 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{12160AA7-8A9A-4CBA-903E-414EB6017F1D}
[2011/09/10 10:13:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B1B97B86-87EB-476A-898A-01927E6ED309}
[2011/09/09 12:24:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{511055CA-6573-411B-AC70-83E04DC2D422}
[2011/09/09 12:23:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B30E0CEF-B12F-45A6-951A-C291CE85D927}
[2011/09/08 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5BDC6696-C658-4331-97F5-56AD37CF9C07}
[2011/09/08 12:12:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5BA9619C-A0B8-4C24-97BD-71D2BB68ADC9}
[2011/09/08 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4F38CA54-1647-4C48-875F-3E941E1BFB79}
[2011/09/08 00:06:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A3C2D0D2-DF0F-411D-BBF6-77A7A910D738}
[2011/09/07 22:56:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4A780CE5-7E80-4D00-8618-F56F2DD3F18F}
[2011/09/07 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{57DC6D12-7129-4C58-8228-17881474995D}
[2011/09/07 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{98122639-0D3A-4561-ADF6-9B412F6104AC}
[2011/09/07 10:31:36 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6E211133-9BFA-4DE3-9641-454BEF403F66}
[2011/09/06 12:42:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0F047A87-428E-464F-A52E-8EC02F6BCDBA}
[2011/09/06 12:42:15 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2683D7B3-A51D-42F4-AAA2-86643E02B5EC}
[2011/09/06 10:14:37 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/06 10:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/09/06 10:03:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2F40745C-B084-4C81-974B-30848C1BCC83}
[2011/09/06 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{30FFF8BF-D845-46BC-9119-3D0D9A9D40AE}
[2011/09/05 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{834651D3-E89C-4632-82FA-97CA92D2D4D3}
[2011/09/05 10:25:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DAA12864-4000-4D1E-AC8C-554BF95E3752}
[2011/09/05 10:23:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E40FD1CD-DA47-4BD3-9BAA-3EF534B7D83E}
[2011/09/05 10:22:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{607775F0-E8D1-4C3E-BDC3-D17F20844D24}
[2011/09/04 22:56:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BCE8085E-C99F-4631-960B-C7BA9E81C477}
[2011/09/04 22:56:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BC708D99-9D45-4DE1-BCC4-8586D61F7BBA}
[2011/09/04 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{109AAA2F-7F95-41D6-ABE9-9AFFA6BFB6FB}
[2011/09/04 21:17:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AEC5771E-59C0-4003-8F78-B77568494A35}
[2011/09/02 08:05:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DB7B2CE5-D70B-4F01-A197-6C7033A54329}
[2011/09/01 23:30:40 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{8E5D5807-4707-4C51-946C-AACBA06BFB20}
[2011/09/01 23:28:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9CB3BB1C-6EA2-4EF5-BD0B-8116C20E8887}
[2011/09/01 23:27:57 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E653CAF0-496E-4E76-A396-756E886539A4}
[2011/09/01 08:39:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{81E7A1BB-065E-471D-BDD2-6C994503FE81}
[2011/09/01 08:39:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B211A0E3-8095-476E-842C-48401B5D8351}
[2011/09/01 08:35:51 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{42CEA2D7-41B8-4565-8A25-6DBAB308A468}
[2011/08/31 21:58:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C303B616-0EE8-48A2-9854-1D5207316F53}
[2011/08/31 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4DB1BB39-9FCD-4D04-8842-98428346B3BD}
[2011/08/31 18:19:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{97DDE629-3984-45EC-B158-BC817AA78E41}
[2011/08/31 18:19:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BD5A929A-FA49-4B61-9A50-D4AFAC3DBDA8}
[2011/08/31 16:35:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{11C458FE-E68F-499D-9B1A-56A9DA2797C8}
[2011/08/31 16:35:11 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{51B88B58-90C9-44C1-B958-8B785BC37A00}
[2011/08/31 13:44:39 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0A3AB243-7AD1-4990-B5E3-5663E1E135C9}
[2011/08/31 13:44:29 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{76970132-F5A1-476B-B7EF-2FA8A8731F65}
[2011/08/31 13:42:18 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{F6B33098-AE0B-44D2-A138-B97E4319F664}
[2011/08/31 13:42:07 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C617D84A-36CE-4BED-9D7F-F9B0D663325B}
[2011/08/31 13:21:58 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{41632A6C-F1D7-46B2-9BBF-932D32E06295}
[2011/08/31 13:21:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DD90017E-C3A3-43FC-9723-AB92D2A67954}
[2011/08/30 20:07:36 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7D6160E2-04E6-49A2-9DC6-17B6DC30AB16}
[2011/08/30 20:07:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6472530F-FAB9-4997-A566-CF171065790D}
[2011/08/30 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AD8B5835-77CC-4450-8599-9C9182B11E7A}
[2011/08/30 17:48:58 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D54A1776-17E0-44D7-B82D-1928080D919D}
[2011/08/30 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B1CEBF7D-362E-4963-B120-9B0096D772C9}
[2011/08/30 12:14:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{25244FF0-E59C-4463-9787-03E88FB6AF7F}
[2011/08/30 12:12:07 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D0011CC4-9E5C-4A24-9C28-9FD08B1D0E8B}
[2011/08/30 12:11:55 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C8EE4508-BBF7-41FB-9848-8BDF837150C8}
[2011/08/29 22:47:15 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{06468120-8B12-45D5-879D-FFDD41D37A4A}
[2011/08/29 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{CA7758ED-CE73-467A-B095-1B9C3D384E9E}
[2011/08/29 19:26:07 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0BDC84F5-8A18-47F7-8413-3823E7F2365C}
[2011/08/29 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4AB6DB8F-5FD1-4203-B6DA-7475744E13A6}
[2011/08/29 16:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/29 16:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/29 16:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/29 16:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/29 16:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/29 16:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/29 11:28:11 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3A243A4E-1D7B-4CA3-8B14-73A9D576E0AD}
[2011/08/29 11:28:00 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{067FD6BE-4303-4156-B32D-E26CFA45DD24}
[2011/08/29 11:27:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5754F34A-F80C-4DF2-9EDD-0EEFAE6C6E10}
[2011/08/29 11:26:45 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{F262B1C3-A23B-46C2-8B20-C050F46222DB}
[2011/08/28 21:53:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{75BE63E7-C726-42EF-B19B-2CCF151C7567}
[2011/08/28 20:52:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3E195591-F939-4249-805E-3F350F63F496}
[2011/08/28 17:52:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DB3367FA-3DFC-43FA-91FE-5CD9206FDA6E}
[2011/08/28 17:51:39 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{8E7CB994-D49E-40F1-AA17-41B038D7E015}
[2011/08/28 16:41:52 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{518C9A4A-21C6-4203-AB82-492270D9D907}
[2011/08/28 16:41:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5FBD484C-D852-4DA7-AEB6-2F1A9890D63D}
[2011/08/28 00:30:21 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/28 00:21:59 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EE707D16-7855-4442-A320-F32AB538CCE1}
[2011/08/28 00:21:46 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DDC8E8DD-402C-48FA-BF43-6EF5B4E40575}
[2011/08/20 01:08:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FDE21AA3-F53E-4674-848A-D0E61D6E23CB}
[2011/08/20 01:08:29 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E0AC136B-127F-4770-A626-8A6E6985F834}
[2011/08/19 17:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/19 17:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/19 16:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/08/19 06:06:24 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D48A3F26-B9F6-4389-966B-410F2EA8FAAD}
[2011/08/18 14:35:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2157F8F1-2996-4676-9D58-6B49706A22CC}
[2011/08/18 14:28:31 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D8D275E2-4874-40A9-AF9C-CFC796C842AF}
[2011/08/18 10:00:38 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9F4BFDBB-4979-4538-9AA0-5D5F88D59364}
[2011/08/18 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0D7B499B-EDAA-4482-9CE7-6818F3CAA79B}
[2011/08/17 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3D99247F-CD48-4F57-A936-D7B444716C8E}
[2011/08/17 21:56:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{362D9E41-B7A8-430B-B849-2B588D4CE178}
[2011/08/17 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7B0AE401-2B1B-424C-92E6-4E9918CE686B}
[2011/08/17 13:45:29 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{F09190C2-6BDA-44CC-8D62-478EBD4F07C9}
[2011/08/17 13:45:18 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DD127E1A-3E90-419C-A142-7AAA51A8DDB4}
[2011/08/16 23:00:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{80BB7565-47D1-443B-9131-5C04BB970B8C}
[2011/08/16 23:00:39 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D1DBA154-AED7-45B0-BDA6-FD0C95AE529F}
[2011/08/16 21:43:31 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A23F1B2E-B102-4C96-B456-527F71157699}
[2011/08/16 21:43:18 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3366F835-E704-4A92-82F0-C6FE9634F1D9}
[2011/08/16 21:22:13 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{09CE4B04-67BB-49CE-8D70-C4BEB62EAA84}
[2011/08/16 21:21:51 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{027A70BC-4FE3-4616-8E65-E1272CA105A6}
[2011/08/16 20:36:58 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{926F1BD1-83E5-4D21-87A2-082D154DD6A4}
[2011/08/16 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2DF18813-6B90-4BBE-9346-D0484ACC44D0}
[2011/08/16 16:55:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9403CF8E-91C8-4152-9280-B57783434EA1}
[2011/08/16 16:46:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\Solid State Networks
[2011/08/16 15:24:06 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0FD25195-EA82-4F42-B961-22D7F8BB34AF}
[2011/08/16 15:23:56 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{ADCB5444-7EEB-419A-87C1-3CD44B059DFB}
[2011/08/15 22:29:30 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FD353999-F465-4EF7-9FF9-418CC537148C}
[2011/08/15 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9C38871E-5618-494B-B7E0-62E81FB93FDE}
[2011/08/15 10:52:38 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B9B62105-C2DD-43C2-B263-C70ACB8F577E}
[2011/08/15 10:52:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{8A034C4A-FC39-4F24-BE2B-6295C59D9D4C}
[2011/08/15 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E51B484F-5C7B-490F-B93B-64B7B9717170}
[2011/08/15 10:50:35 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{49FB7150-D460-4C75-992B-546918E8E4E8}
[2011/08/14 23:00:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9FDDDF38-CCA9-49D3-8B8F-E09FA05C2821}
[2011/08/14 23:00:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{13260CE4-CDC5-4429-8D91-12B1F6DA0214}
[2011/08/13 17:26:02 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9971A11B-7E1C-4947-8D8F-CF3B49D5F0E2}
[2011/08/13 17:22:30 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{CD9D652E-AD7E-4962-A64D-D05AA1BE7AF3}
[2011/08/13 17:22:07 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{8F7E68CB-D035-4011-B922-0EED26AE2EEE}
[2011/08/12 21:04:27 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{22A6545F-EB24-4DE5-B709-CA529C75D463}
[2011/08/12 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DABD29B2-8CE8-40F9-9E4D-DEF9A122FFCC}
[2011/08/12 19:21:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{29AA754B-3749-44C2-85FB-36EC0504EA28}
[2011/08/12 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{156B66BE-5E16-4207-9BD2-BE3E9753C086}
[2011/08/12 15:19:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{38AB172F-B9DC-4374-A7F9-678C15C9EA45}
[2011/08/12 15:19:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D19352FE-8967-4905-9193-38D89A4EA84D}
[2011/08/12 15:18:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1382E8BD-7F9A-42CF-A22B-F9E5968DFA91}
[2011/08/12 15:18:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{8AA1BD6F-684A-48A2-B2F9-77116AE95F16}
[2011/08/12 15:08:00 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2C2E24F6-DF20-4927-B345-8E0BB769950A}
[2011/08/12 15:07:49 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B41D4AA5-CFCA-4E6A-BB58-096D92421829}
[2011/08/11 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DCC1415D-A3FF-4A15-8D43-EFD7ED1712C4}
[2011/08/11 22:45:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2081DA97-4A65-4EF3-8602-D87BCF5BCE06}
[2011/08/11 19:09:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2F99AE2B-AA06-49C9-8E98-8DC54223C12E}
[2011/08/11 19:09:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{77881D0D-D1EF-4C7F-8859-EF0C389E58AA}
[2011/08/11 10:37:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{F4201A34-20DE-4462-83A8-77B32085BFED}
[2011/08/11 10:37:31 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{363D1822-4F0D-4F7C-AC5E-8F4A24FA2914}
[2011/08/10 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3B3AB95A-9CAE-424A-BBC8-36CF856F98F3}
[2011/08/10 22:09:09 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{00878FEB-0DE7-496C-93D3-13D0492ADA3C}
[2011/08/10 12:25:24 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 12:25:22 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 12:25:12 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 12:25:01 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/10 12:25:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/10 12:25:00 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/10 12:25:00 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/10 12:25:00 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/10 12:25:00 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 12:25:00 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 12:24:59 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/10 12:24:59 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/10 12:24:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/10 12:24:59 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 12:24:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 12:24:59 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/10 12:24:59 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/10 12:24:58 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/10 12:24:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/10 12:24:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 12:24:58 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/10 12:24:58 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/10 12:24:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/10 12:24:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/10 12:24:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/10 12:24:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/10 12:24:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/10 12:24:58 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 12:24:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/10 12:24:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/10 12:24:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/10 12:24:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/10 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2384A7DF-A568-4AD7-8775-8F0C4349BBA8}
[2011/08/10 12:21:23 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6FD29F1F-CB54-4F63-B761-8D0E58898FF1}
[2011/08/09 20:55:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{10311129-0066-4B31-A4B6-E0F00689DCFF}
[2011/08/09 19:06:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D2835C18-11D2-473B-9944-198B2A7930AE}
[2011/08/09 19:06:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{81D74913-601F-436C-8196-EE6B0F8B9D1A}
[2011/08/09 16:47:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5DC4138A-86CA-45BB-892E-4AAB9A8C0237}
[2011/08/09 16:46:46 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C5423AC0-925D-491E-BABA-1458B1D46DF8}
[2011/08/09 13:32:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0457939D-734F-4A00-96C8-7B0B760DF442}
[2011/08/09 13:31:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2323F7ED-E62C-438D-A249-8C6DC48545F5}
[2011/08/09 12:08:55 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{595802A3-B35F-41E4-B022-4982CB900961}
[2011/08/09 12:08:34 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{F9DDFEC7-0F82-43C1-A061-0803708E1D5F}
[2011/08/09 12:07:02 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{60B23FE9-3BD0-4F09-A462-EF0E1FA342AD}
[2011/08/09 12:06:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C465E709-F4EA-47DA-9C05-2E0A07A7AF67}
[2011/08/08 19:26:38 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1B698164-BC67-40A7-B99A-C1E89153EB0B}
[2011/08/08 13:00:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{98B9B125-D01E-47BB-8070-48801293616D}
[2011/08/08 13:00:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EFB8EF8F-8532-45A5-99DF-DD27976CABFD}
[2011/08/07 22:12:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B80B9909-B10A-47B5-A8FC-127F24243E6B}
[2011/08/07 22:12:20 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E8BA194E-377E-414C-8B0A-B79527A7C311}
[2011/08/07 17:36:27 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{46ABD9BB-C4FF-499D-B1CC-94E36BBF5FA1}
[2011/08/07 15:24:59 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A8028B18-F510-40AF-A609-D5E4F40CDB44}
[2011/08/07 11:48:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2927880A-29FB-44F3-9988-54550C8B724D}
[2011/08/07 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{F538B9DE-8D79-4145-9B99-0DA7A1DD04E5}
[2011/08/07 11:48:11 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B1ADAD92-DAA2-4E20-BF02-75186BC9313F}
[2011/08/07 11:45:12 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4E6DFD1D-BCA9-4444-A4FB-51704C583C20}
[2011/08/07 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B5BED3C7-400F-4C56-AC47-2EA28D41D6F6}
[2011/08/06 22:13:56 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2ED0A20D-5EE7-47CA-951A-9FA118C53DBB}
[2011/08/06 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B38D351C-6BA1-4F99-BA9D-DC7244BA77A4}
[2011/08/06 17:31:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E68DBB38-F648-4394-AEAC-60E031F974F9}
[2011/08/06 17:03:13 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0BE0890F-0664-4213-B401-5CF8949476D5}
[2011/08/06 17:02:52 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{8D5F9364-4DD5-4626-A7A7-F37860B2B82D}
[2011/08/06 16:06:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0D4A026B-B2D5-4D2F-9845-371E8AEDDF61}
[2011/08/06 10:59:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2759E332-2AB6-4732-8C5F-38BC54CC7DDA}
[2011/08/06 10:11:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AFFA8F03-FFE9-4E72-BD70-15070C4EDF2F}
[2011/08/05 16:49:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A214EB69-AAF6-49CB-AB6C-FEC838ACB1BA}
[2011/08/05 14:28:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0C3CCF9E-0F59-4B64-A6E0-B91CF6F12FAD}
[2011/08/04 21:29:55 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3CFE6922-6136-4744-8111-6CE11FBB6CB2}
[2011/08/04 13:45:59 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A38BE8A9-6A97-46D1-9CA1-E9C7646F4BDD}
[2011/08/03 12:06:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A7BE40FB-9BD5-421C-B0DC-FDFA04BDA119}
[2011/08/02 12:00:16 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E51B5D4A-50FD-4492-A02B-EE9B0140056F}
[2011/08/01 23:30:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6530DA1F-3F43-4A99-B987-3B318FFF08B8}
[2011/08/01 11:05:29 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BC86F134-3E07-4769-A8DC-CC34C0E0F2F2}
[2011/07/31 10:09:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5AB2A683-215E-4722-91B6-FD772848D80B}
[2011/07/30 10:45:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{CFD1A416-F60A-46B7-B5E9-BB93411EEA14}
[2011/07/29 17:35:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{927183AA-8EF4-494C-AAC6-6E43632E38DF}
[2011/07/27 14:08:24 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{490FB06B-EF83-47EA-BF6A-42BB9A8D8393}
[2011/07/26 23:46:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0FA793D7-D93F-485C-ACCC-72B6952F716C}
[2011/07/26 10:44:37 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{8143B4E4-8865-4737-B1C4-61C57796F127}
[2011/07/25 17:20:13 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2F737154-482E-449F-AE65-51A766401AD2}
[2011/07/25 17:19:24 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{20426EC2-2DE8-4D91-8EB7-27453435574D}
[2011/07/24 13:46:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{89B6F0ED-052F-4D4B-876A-4597A538D832}
[2011/07/23 13:43:18 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{35CB9BD6-C4E1-46C3-B9ED-1025861232E4}
[2011/07/23 10:48:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1289FD0A-AB21-49A2-AACA-7C2C250188DD}
[2011/07/22 12:05:39 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Documents\My Logbook Pro Files
[2011/07/22 12:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logbook Pro
[2011/07/22 12:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logbook Pro
[2011/07/22 12:03:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\Downloaded Installations
[2011/07/22 10:51:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{05C57773-5579-43A7-A8C5-7922E7EDD578}
[2011/07/21 10:45:51 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{79C6B98D-C288-45F5-B01F-F85A242940DF}
[2011/07/20 13:35:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3C880108-5801-483C-BB6B-629C03AF4455}
[2011/07/19 10:55:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{47AD65E5-DF5D-4312-A156-4E60029CC0DE}
[2011/07/18 13:43:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D4B419E9-ABF3-42E7-A57E-AE1374AF5EC5}
[2011/07/17 22:26:12 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{56DA81BA-3966-4475-8691-70D425BA1A98}
[2011/07/17 22:25:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{007F9FC8-888D-433F-A291-1963258C51BF}
[2011/07/16 23:55:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BC40C417-2351-4FBD-8E73-F732E13F7561}
[2011/07/16 10:47:45 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{CC1A3750-CA51-445B-A3DE-F0908F5133CD}
[2011/07/15 11:18:58 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{92747B23-9A3B-4CFB-9BA2-C32DABFE8401}
[2011/07/14 16:37:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C4522004-D33C-4C0A-A1B9-7ED1607F4775}
[2011/07/14 13:13:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7C05740D-2DFD-405B-8562-AB3DE041FAD3}
[2011/07/13 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FBD14F70-47AD-4DB5-AD83-44E3B2D7F53D}
[2011/07/12 16:44:14 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 16:44:04 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:31:30 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{72589907-1F69-453F-B738-7053B9DEB667}
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/11 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AB3B3B78-2A16-4978-84E9-044394DA9D25}
[2011/07/10 14:45:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6613F599-4BF1-4C01-84E9-E19BEF2F1B3A}
[2011/07/10 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C056930E-2213-4E90-952F-1CB1A0306403}
[2011/07/10 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EA89B720-F9A9-4023-959D-EDA300EA13A7}
[2011/07/09 10:44:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{19857781-60E1-479D-879D-C5553AE4154E}
[2011/07/08 12:40:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2D7104EC-6344-409A-B68B-D1BC3265BE98}
[2011/07/07 12:26:09 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5498E16B-89A8-4498-89E8-106EB09253BD}
[2011/07/06 10:58:15 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A5E5C8F7-F636-413A-B7EB-66DB029024A9}
[2011/07/05 18:37:00 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/07/05 18:37:00 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2011/07/05 14:53:06 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{978F6621-DA80-401D-972D-9614C31A9B1D}
[2011/07/05 11:08:38 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{96647F09-9681-4823-BD1B-71E57775CEA6}
[2011/07/04 11:42:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{48BC2850-47E6-4646-8987-CE7C7EDC2F22}
[2011/07/03 09:32:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C8F2A469-5C81-45BB-8B01-E0A59382FBDC}
[2011/07/03 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D5ABC835-79BD-42CD-BD87-1645318FC683}
[2009/07/04 14:50:58 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoinpa.dll
[2009/07/04 14:50:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoiesc.dll
[2009/07/04 14:50:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dldopmui.dll
[2009/07/04 14:50:56 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoserv.dll
[2009/07/04 14:50:56 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\dldousb1.dll
[2009/07/04 14:50:56 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldolmpm.dll
[2009/07/04 14:50:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoprox.dll
[2009/07/04 14:50:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomc.dll
[2009/07/04 14:50:55 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldohbn3.dll
[2009/07/04 14:50:55 | 000,595,184 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocoms.exe
[2009/07/04 14:50:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomm.dll
[2009/07/04 14:50:55 | 000,320,752 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoih.exe
[2009/07/04 14:50:54 | 000,365,808 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocfg.exe

========== Files - Modified Within 90 Days ==========

[2011/09/29 14:46:22 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/29 14:46:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/29 14:45:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/29 14:45:42 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 15:32:32 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 13:51:41 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/27 22:42:21 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/09/27 21:58:32 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/27 21:58:32 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/27 21:58:32 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/13 22:03:14 | 000,094,256 | ---- | M] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg
[2011/09/04 23:02:49 | 000,026,786 | ---- | M] () -- C:\Users\Eddie\Desktop\PinkElephant.jpg
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/29 16:14:44 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/29 16:10:52 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/28 00:30:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/20 01:38:34 | 000,000,680 | ---- | M] () -- C:\Users\Eddie\AppData\Local\d3d9caps.dat
[2011/08/17 14:32:21 | 000,082,929 | ---- | M] () -- C:\Users\Eddie\Desktop\Hannan Flight Resume.pdf
[2011/08/09 13:03:31 | 000,001,990 | ---- | M] () -- C:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Logbook Pro.lnk
[2011/08/09 13:03:31 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Logbook Pro.lnk
[2011/07/23 07:31:12 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/07/23 07:29:01 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/07/23 07:25:11 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/07/23 07:25:05 | 000,710,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/07/23 07:24:17 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/07/23 07:23:51 | 001,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/07/23 07:23:30 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/07/23 07:23:30 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/07/23 07:23:29 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/07/23 07:23:28 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/07/23 07:23:28 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/07/23 07:04:18 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/07/23 07:02:54 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/07/23 07:00:40 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/07/23 07:00:05 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/07/23 06:59:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/07/23 06:59:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/07/23 06:59:34 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/07/23 06:59:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/07/23 06:59:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/07/23 06:59:34 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/07/23 06:31:39 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/07/23 06:03:47 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/07/23 05:50:14 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/07/23 05:49:57 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/07/23 05:49:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/07/23 05:27:04 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/07/23 05:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/07/23 05:26:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/07/22 21:36:25 | 000,082,929 | ---- | M] () -- C:\Users\Eddie\Documents\Hannan Flight Resume 0722.pdf
[2011/07/13 14:11:41 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/13 12:59:35 | 000,399,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/05 18:37:00 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/07/05 18:37:00 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts

========== Files Created - No Company Name ==========

[2011/09/28 17:57:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/28 17:57:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/28 17:57:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/28 17:57:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/28 17:57:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 22:42:21 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/09/13 22:03:12 | 000,094,256 | ---- | C] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg
[2011/09/04 23:02:48 | 000,026,786 | ---- | C] () -- C:\Users\Eddie\Desktop\PinkElephant.jpg
[2011/08/29 16:14:44 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/29 16:10:52 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/17 14:32:20 | 000,082,929 | ---- | C] () -- C:\Users\Eddie\Desktop\Hannan Flight Resume.pdf
[2011/07/22 12:04:28 | 000,001,990 | ---- | C] () -- C:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Logbook Pro.lnk
[2011/07/22 12:04:28 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Logbook Pro.lnk
[2011/07/22 11:54:49 | 000,082,929 | ---- | C] () -- C:\Users\Eddie\Documents\Hannan Flight Resume 0722.pdf
[2011/06/29 13:45:10 | 000,220,539 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/06/29 13:45:10 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2010/09/27 23:57:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/17 13:58:40 | 000,157,465 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/02/04 17:54:46 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/01/25 22:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Eddie\AppData\Roaming\wklnhst.dat
[2010/01/25 22:05:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 19:28:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 19:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 19:27:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 12:52:28 | 000,000,680 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps.dat
[2009/07/04 14:50:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\dldoinst.dll
[2009/07/04 14:50:58 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\dldocomx.dll
[2009/07/04 14:50:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldojswr.dll
[2009/07/04 14:50:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldoinsr.dll
[2009/07/04 14:50:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldocur.dll
[2009/07/04 14:50:57 | 000,503,808 | ---- | C] () -- C:\Windows\SysWow64\dldoutil.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoinsb.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoins.dll
[2009/07/04 14:50:57 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldocub.dll
[2009/07/04 14:50:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldocu.dll
[2009/07/04 14:50:54 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldocfg.dll
[2009/07/04 14:37:12 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/06/29 22:30:26 | 000,043,520 | ---- | C] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/21 02:07:23 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/06/21 01:59:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/20 23:44:34 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/07 15:17:04 | 000,088,840 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/03/07 15:16:30 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/03/07 15:15:28 | 000,234,248 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/09/21 13:05:51 | 000,000,000 | -HSD | M] -- C:\Users\Eddie\AppData\Roaming\888C743A
[2009/12/09 17:11:50 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\968 Series
[2009/10/26 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Amazon
[2010/02/06 19:00:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Digidesign
[2010/03/14 13:09:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Facebook
[2010/02/04 22:38:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 16:48:30 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Sling Media
[2010/02/04 18:36:17 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Structure
[2010/01/25 22:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Template
[2010/12/03 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Windows Live Writer
[2011/09/28 22:57:25 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2009/06/21 01:56:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/06/21 01:56:40 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/06/21 01:56:40 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/06/21 01:56:39 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/06/21 01:56:40 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/06/21 01:56:40 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/06/21 01:56:39 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/06/21 01:56:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: LSASS.EXE >
[2009/06/15 09:21:28 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=02474FBCB00AA5C622E92F620DB9A041 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_02bcb9272e6ecc60\lsass.exe
[2009/09/10 11:22:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=1104B18819392FEA12FB5F9E170E66B3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_00fbc3d9312b9991\lsass.exe
[2009/02/13 04:52:40 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1979F94B28107233315DD6220F2304DD -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_02ad19252e799f25\lsass.exe
[2008/01/20 22:48:17 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1B461E9F6DB0EF829B4369F47A24BBEC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_026926461528a96c\lsass.exe
[2008/01/20 22:48:17 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1B461E9F6DB0EF829B4369F47A24BBEC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_02635b98152c3e5e\lsass.exe
[2008/01/20 22:48:17 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1B461E9F6DB0EF829B4369F47A24BBEC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_04549f52124a74b8\lsass.exe
[2009/06/15 09:34:54 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=1E766E4C5BF9E230AD37A56BF7DB6C94 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_00d282d7314a3edc\lsass.exe
[2009/06/15 09:32:30 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=306E4503E083A498AE797FF59FA72839 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_00373bf8183ad660\lsass.exe
[2009/06/15 09:15:02 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=40348DCEC0712ED42231C5F90A69A690 -- C:\Windows\ERDNT\cache64\lsass.exe
[2009/06/15 09:15:02 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=40348DCEC0712ED42231C5F90A69A690 -- C:\Windows\SysNative\lsass.exe
[2009/06/15 09:15:02 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=40348DCEC0712ED42231C5F90A69A690 -- C:\Windows\system64\lsass.exe
[2009/06/15 09:15:02 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=40348DCEC0712ED42231C5F90A69A690 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_041a8e8e12769b11\lsass.exe
[2009/09/09 07:32:36 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=41FB90DF49F203672F459122EF1F13B1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_02effd0d2e47247b\lsass.exe
[2009/02/13 01:14:46 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=563B71CEF1D46A24C5980FA2988DB67F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_0101906d312801c6\lsass.exe
[2009/06/15 09:26:45 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=80F4593E92FF960E4763380D3168E498 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_021f7b32155f99ff\lsass.exe
[2009/09/10 10:57:16 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=BBBCE2DACDCCD5EA60A50D0023AE2DE9 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_04c69d972b7a16dd\lsass.exe
[2009/02/13 03:46:54 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=E231BDBD7D69857EEFFDEB3A48A53824 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_006d4b9418124aab\lsass.exe
[2009/06/15 09:12:52 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=EBDAEE60E442BEA413E5D7CEDFB09463 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_04a52ba32b935432\lsass.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\system64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\system64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\system64\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\system64\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*.exe /s >
[2010/03/14 13:09:09 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Eddie\AppData\Roaming\Facebook\uninstall.exe
[2011/02/02 00:25:47 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Eddie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Update\*.* >

< %APPDATA%\Microsoft\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %ALLUSERSPROFILE%\*.* >
[2011/06/29 13:56:05 | 000,000,703 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/10/19 13:39:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/06/24 06:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/06/21 02:07:34 | 000,003,497 | RH-- | M] () -- C:\dell.sdr
[2009/07/04 14:37:48 | 000,000,178 | ---- | M] () -- C:\dldo.log
[2009/12/09 17:18:45 | 000,000,180 | ---- | M] () -- C:\faxend.log
[2009/12/09 17:11:56 | 000,000,162 | ---- | M] () -- C:\faxendPdoc.log
[2009/12/09 17:11:56 | 000,000,245 | ---- | M] () -- C:\faxfile.log
[2008/09/12 09:10:28 | 000,046,592 | ---- | M] (M-Audio, a division of Avid Corporation) -- C:\FT_clean.exe
[2011/09/29 14:45:42 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/09/29 14:45:41 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %PROGRAMFILES%\Internet Explorer\*.* >
[2009/03/08 07:35:03 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2008/01/20 22:48:59 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2009/01/12 00:05:25 | 000,002,649 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie8props.propdesc
[2009/03/08 07:33:15 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecleanup.exe
[2010/10/19 00:27:49 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecompat.dll
[2011/07/23 06:59:29 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2009/03/08 07:33:55 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2009/03/08 07:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2011/07/23 06:59:34 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2011/07/23 06:59:34 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2009/03/08 07:35:01 | 000,521,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2009/03/08 07:35:00 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2009/03/08 07:35:02 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2009/03/08 07:35:11 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2009/01/07 21:20:17 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2009/01/07 21:20:17 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2011/07/23 07:04:03 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

< %USERPROFILE%\*.* >
[2011/09/28 13:35:31 | 000,022,972 | ---- | M] () -- C:\Users\Eddie\AVSCAN-20110928-110852-C50F2323.LOG
[2011/09/29 15:08:34 | 003,407,872 | -HS- | M] () -- C:\Users\Eddie\NTUSER.DAT
[2011/09/29 15:08:34 | 000,262,144 | -H-- | M] () -- C:\Users\Eddie\ntuser.dat.LOG1
[2009/06/26 19:10:50 | 000,000,000 | -H-- | M] () -- C:\Users\Eddie\ntuser.dat.LOG2
[2009/09/02 21:59:32 | 000,065,536 | -HS- | M] () -- C:\Users\Eddie\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/09/02 21:59:32 | 000,524,288 | -HS- | M] () -- C:\Users\Eddie\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/06/26 19:12:01 | 000,524,288 | -HS- | M] () -- C:\Users\Eddie\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2011/09/28 22:57:23 | 000,065,536 | -HS- | M] () -- C:\Users\Eddie\NTUSER.DAT{ce0c34ea-98ad-11de-a3dc-002219f3f49e}.TM.blf
[2011/09/28 22:57:23 | 000,524,288 | -HS- | M] () -- C:\Users\Eddie\NTUSER.DAT{ce0c34ea-98ad-11de-a3dc-002219f3f49e}.TMContainer00000000000000000001.regtrans-ms
[2009/09/03 13:19:05 | 000,524,288 | -HS- | M] () -- C:\Users\Eddie\NTUSER.DAT{ce0c34ea-98ad-11de-a3dc-002219f3f49e}.TMContainer00000000000000000002.regtrans-ms
[2009/06/26 19:10:50 | 000,000,020 | -HS- | M] () -- C:\Users\Eddie\ntuser.ini
[2010/11/18 14:23:25 | 000,000,632 | RHS- | M] () -- C:\Users\Eddie\ntuser.pol

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\*.exe /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.dll /90 >
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\system32\dnssd.dll
[2011/07/23 06:59:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2011/07/23 06:59:34 | 011,081,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2011/07/23 06:59:34 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2011/07/23 06:59:34 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2011/07/23 06:59:34 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2011/07/23 06:59:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2011/07/23 06:59:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2011/07/23 06:59:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2011/07/23 06:59:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2011/07/23 07:00:05 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2011/07/23 07:00:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2011/07/23 07:00:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2011/07/23 07:00:40 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2011/07/23 07:00:40 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2011/07/23 07:01:07 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstime.dll
[2011/07/23 07:02:54 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2011/07/11 09:25:35 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2011/07/23 07:04:18 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2011/07/23 07:04:18 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2011/07/23 07:04:29 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\*.exe /90 >
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\system32\dns-sd.exe
[2011/07/23 05:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ie4uinit.exe
[2011/07/23 05:27:04 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieUnatt.exe
[2011/07/23 05:26:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedssync.exe

< %systemroot%\system32\config\*.sav >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\Tasks\*.job /lockedfiles >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = [Binary data over 100 bytes]
"SavedLegacySettings" = [Binary data over 100 bytes]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 1441 bytes -> C:\ProgramData\Microsoft:oUTAGjYserqgWPyQe8BR
@Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:mhUzGRUL1GLDU0ZM6nm
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

Edited by Eduardotrojan, 29 September 2011 - 03:10 PM.

  • 0



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Eduardotrojan and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

After this please continue with steps below.

Step 2

Please restart in safe mode with networking:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#3
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks for the Reply!

When I disabled the Antivir in both normal mode and safe mode, combofix still said it was active after several attempts so I ran the combofix anyway and produced the following log. Upon reactivating Antivir, the same virus is still appearing. Here is the combofix log:

ComboFix 11-10-03.01 - Eddie 10/03/2011 21:03:17.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.3299 [GMT -4:00]
Running from: c:\users\Eddie\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 01:12 . 2011-10-04 01:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F3D49A-C237-40C6-9A2D-A38D8B534F06}\offreg.dll
2011-10-04 01:11 . 2011-10-04 01:11 -------- d-----we c:\windows\system64
2011-10-04 01:10 . 2011-10-04 01:13 -------- d-----w- c:\users\Eddie\AppData\Local\temp
2011-10-04 01:10 . 2011-10-04 01:10 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-04 01:10 . 2011-10-04 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-02 01:30 . 2011-10-02 01:30 -------- d-----w- C:\_OTM
2011-09-30 16:54 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F3D49A-C237-40C6-9A2D-A38D8B534F06}\mpengine.dll
2011-09-29 21:05 . 2011-09-29 21:05 -------- d-----w- C:\_OTL
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 19:32 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 17:51 . 2011-09-28 17:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-28 17:49 . 2011-09-28 22:33 -------- d-----w- c:\programdata\Lavasoft
2011-09-21 17:05 . 2011-09-21 17:05 -------- d-sh--w- c:\users\Eddie\AppData\Roaming\888C743A
2011-09-13 21:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-13 21:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-06 14:14 . 2011-09-06 14:14 -------- d-----w- c:\windows\en
2011-09-06 14:10 . 2011-09-06 14:10 -------- d-----w- c:\program files\Windows Live
2011-09-06 14:10 . 2011-09-06 14:10 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-28 04:30 . 2011-08-28 04:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 11:31 . 2011-08-10 16:25 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:24 . 2011-08-10 16:24 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 11:23 . 2011-08-10 16:24 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 11:23 . 2011-08-10 16:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 11:23 . 2011-08-10 16:24 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 11:04 . 2011-08-10 16:25 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-23 11:00 . 2011-08-10 16:24 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 16:25 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 16:24 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-07-23 10:59 . 2011-08-10 16:24 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-07-23 10:31 . 2011-08-10 16:24 479232 ----a-w- c:\windows\system32\html.iec
2011-07-23 10:03 . 2011-08-10 16:24 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-07-23 09:50 . 2011-08-10 16:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:48 . 2011-08-10 16:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 09:27 . 2011-08-10 16:24 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 16:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-11 13:45 . 2011-08-28 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-11 13:25 . 2011-08-28 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-06 15:49 . 2011-08-10 16:25 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-03-07 95496]
"FAStartup"="" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-06-18 77824]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
.
c:\users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-03-07 19:15 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 1044720]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe [2007-10-05 34032]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-03-07 2360584]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\DRIVERS\mausbft.sys [x]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1657128]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2009-02-11 634888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MemoryCardManager"="c:\program files (x86)\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"dldomon.exe"="c:\program files (x86)\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Dell 968 AIO Printer - c:\users\Eddie\AppData\Roaming\csrss.exe
Wow6432Node-HKLM-Run-NoteBurner - c:\program files (x86)\NoteBurner\VTBurnerGUI.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
HKLM-Run-Corel Photo Downloader - c:\program files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-10-03 21:18:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-04 01:18
ComboFix2.txt 2011-09-30 19:28
ComboFix3.txt 2011-09-28 22:25
.
Pre-Run: 172,510,949,376 bytes free
Post-Run: 172,219,478,016 bytes free
.
- - End Of File - - 0384A9D7BBE4F4791C8E1FCEAA2D923B
  • 0

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Eduardotrojan,

ComboFix didn't do its job. Malware probably interfered with it. Don't try to run it in normal mode yet.

  • Restart in safe mode.
  • Delete your version of Combofix and download new one.
  • If it warns you about the antivirus, just continue with the scan.
  • Accept all warnings and let it run.

  • 0

#5
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I deleted all combofix from my computer and redownloaded it and let it run. I have a log saved and can post in the next reply if you wish. The virus still appears to be active on my system after the scan. I am going to keep my computer in safe mode for now.
  • 0

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please post the new ComboFix log for me. After that, do an OTL scan and post the OTL log as well:

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

  • 0

#7
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OTL Log from Quick Scan

OTL logfile created on: 10/4/2011 3:40:55 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Eddie\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.17 Gb Available Physical Memory | 80.10% Memory free
8.09 Gb Paging File | 7.45 Gb Available in Paging File | 92.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 161.74 Gb Free Space | 57.07% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.75 Gb Free Space | 52.90% Space Free | Partition Type: NTFS

Computer Name: EDDIES-DELL | User Name: Eddie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Downloads\OTL.exe
PRC - [2008/01/20 22:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/20 04:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/20 04:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV:64bit: - [2007/10/05 13:31:08 | 001,044,720 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\dldocoms.exe -- (dldo_device)
SRV - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/06/18 12:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Stopped] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWow64\dldocoms.exe -- (dldo_device)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/30 18:37:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 18:37:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/21 15:40:06 | 000,103,272 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/20 04:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/02/11 09:47:50 | 000,185,864 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mausbft.sys -- (MAUSBFT)
DRV:64bit: - [2009/02/10 05:40:28 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/02/10 05:40:26 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/26 03:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/26 02:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 11:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/08 05:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/09/16 05:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/16 05:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/16 05:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.1.119
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eddie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 22:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/01 22:27:31 | 000,000,000 | ---D | M]

[2009/06/27 19:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Extensions
[2011/10/03 18:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions
[2011/05/13 16:48:27 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/06/22 12:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/22 12:44:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/18 00:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" File not found
O4:64bit: - HKLM..\Run: [dldomon.exe] C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4256B9A-C8A6-44DB-8C18-7B71AE3A41C0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/04 10:26:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/04 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\temp
[2011/10/04 10:20:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/04 10:19:15 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/04 10:05:44 | 004,242,780 | R--- | C] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/03 18:52:13 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{09C453B6-8ED1-4858-B604-982918A604A0}
[2011/10/03 18:51:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{787C086A-692A-4F53-92F8-8B23A5234D34}
[2011/10/03 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D166D378-3744-453B-A2A3-4B803FB19011}
[2011/10/03 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{14484E09-CC0E-4754-BA4D-409876CAE39A}
[2011/10/02 19:08:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D6643E4D-E63B-43E4-B808-DD8952D5E5F8}
[2011/10/02 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{50825DB4-1DD8-4424-836C-1A20BC4F4913}
[2011/10/01 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\GooredFix Backups
[2011/10/01 21:30:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/01 15:55:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5A04FB9E-3A2C-4B39-9945-B8632BDE37A8}
[2011/10/01 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{ACACCCCB-09B8-4916-9BA0-75C764383C4C}
[2011/09/30 13:02:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/30 12:30:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0BDC9C8C-2D9B-4ED5-9275-B9A875E0218F}
[2011/09/30 12:30:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D5398BD5-F1AA-42C5-96C1-890C3C496964}
[2011/09/29 17:05:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/29 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{867D776B-21DA-40CB-873A-0E30A63FD83A}
[2011/09/29 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D1E16AAF-0113-42C6-9E39-F38BE967FA77}
[2011/09/28 17:57:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/28 17:57:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 17:57:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 17:57:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 17:57:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Malwarebytes
[2011/09/28 15:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 15:32:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 15:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/28 13:51:42 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/28 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/28 10:45:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{59037DF7-88F6-4DE3-9910-1E413497085C}
[2011/09/28 10:44:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C7DECBEA-FA01-409D-B3D7-33E8BF2A755E}
[2011/09/27 22:23:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4D8AB078-DF0B-442C-A517-6433D4602583}
[2011/09/27 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{92EC7465-CCDF-42FF-922C-13A766BF0CCA}
[2011/09/27 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DB4C806F-32CE-4569-AA84-EE2981D87F45}
[2011/09/27 19:04:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4D6C8DF3-DA16-4222-AFF0-F7345A9417FC}
[2011/09/26 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C27E97BA-E07A-4920-A0E9-9F3143232148}
[2011/09/26 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D0E84954-175B-4800-B9B5-60FCC3835BB8}
[2011/09/26 19:21:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{CC658B85-D18B-47A1-A5B3-78B06860DED1}
[2011/09/25 11:18:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9851104D-EB88-4FE6-9C7F-831340CCBFD0}
[2011/09/24 14:26:55 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A8765A34-E574-4DCF-856D-25A830F3D6D0}
[2011/09/24 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{91B40AD4-A3AA-415B-A3F5-2B4E120E2C74}
[2011/09/23 13:22:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6B168EB2-001D-4F48-8724-8E8A36EE7CB2}
[2011/09/23 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{21D8F1BE-E83E-42D2-AB4E-E99DDEB49BCD}
[2011/09/22 23:42:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9B339570-F9A5-41FE-8936-C7EF02828C52}
[2011/09/22 23:41:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7938C6AD-3EA5-47EA-A07F-AACE8562344F}
[2011/09/22 11:01:27 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B0FA220E-D2AF-4847-BCB0-215D617C082A}
[2011/09/22 11:01:16 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{34E7E47C-D17E-404C-888E-BA7665315A05}
[2011/09/21 23:00:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{63388E45-B2EE-4909-93FC-8A9B8F5F0A64}
[2011/09/21 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{581F50DF-E9C7-43F7-8690-93F850F5075F}
[2011/09/21 13:05:51 | 000,000,000 | -HSD | C] -- C:\Users\Eddie\AppData\Roaming\888C743A
[2011/09/21 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B6601F8F-E1E5-407D-B729-A9749BC5526F}
[2011/09/21 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7DFE8EF3-7864-4038-A3E0-BEE4D4777920}
[2011/09/21 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{63DDFE95-C8C6-43B5-A5F7-AA07F8B455FE}
[2011/09/21 09:43:12 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EA553DF5-E4C6-4A35-A138-4A711A4B8FBB}
[2011/09/20 09:46:29 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{33B0A467-E9D0-45AF-9157-E11EBAEA5426}
[2011/09/20 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C50581AF-F9AA-4988-AAB4-2C5AA1D91374}
[2011/09/19 21:27:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AB6FFCEB-04CE-41E6-85D0-2ED91E4C4C0E}
[2011/09/19 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3A2BF5F6-0FEA-475E-97D3-92247F96F86D}
[2011/09/19 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EAF75024-EE23-43D2-9610-D6207DF1EF64}
[2011/09/19 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B3FDF80C-9874-4EE0-AA08-3C34E9D78D89}
[2011/09/18 16:50:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{35DE1D38-B1C1-409C-9829-CAA6706C1B33}
[2011/09/18 10:28:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E5710D4F-0660-4811-9901-AD16E08F773F}
[2011/09/17 00:28:36 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C78A7E11-56C5-4072-AFAD-A7E9D059508C}
[2011/09/17 00:28:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{831D6599-7548-4405-A96C-B0A826A6290C}
[2011/09/16 12:13:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FAFAEF2B-49E6-431B-AF7C-85E10C67365C}
[2011/09/16 12:13:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FFB1B29E-2B3B-43E5-9609-BA41DAD2FAB0}
[2011/09/15 22:02:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1C8A0A77-B3AA-44EC-8B74-B40C896BA008}
[2011/09/15 22:01:51 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AC122C08-F3B4-42B1-8DAD-9CD54E0261A7}
[2011/09/15 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2F6F223C-1CBA-49D2-9168-A5BDF433ADE9}
[2011/09/15 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{09C3399C-5C76-4C98-8EC3-DA3647A43633}
[2011/09/14 22:22:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{944EAD6C-F46C-4E0D-93FB-5FEAD9C42F9E}
[2011/09/14 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0281EB9F-267D-4084-8A5A-DD6DBFD6A57C}
[2011/09/14 10:02:18 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{644F67FB-EFC8-4325-BA26-2A160DD90420}
[2011/09/13 19:05:00 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C097E518-15BA-457D-B864-4AF53CAF3F06}
[2011/09/13 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C56F39FA-DECC-4E3D-9666-EED91744D005}
[2011/09/13 19:04:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{085C5AFA-2C48-493B-A74C-3A1389C03868}
[2011/09/13 15:55:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1B29EDC5-D4E1-4E67-8DBC-6F0527802F82}
[2011/09/13 13:10:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6B674FD9-5261-47F7-8047-52F05EA0957A}
[2011/09/13 13:09:52 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1E0A09B6-C89A-4308-9B15-2551341754AA}
[2011/09/12 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3C94ED53-5A93-4255-8D0D-EEC986C5CCBF}
[2011/09/12 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E49B4366-993E-4828-81E2-470997BA8527}
[2011/09/11 12:29:07 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FDC239D5-A29F-4668-813F-DC9C95F211BA}
[2011/09/11 12:28:56 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A2ABF1F1-8733-4A47-9055-E873119718BE}
[2011/09/10 14:23:49 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{22CEB281-771E-4C2F-9D78-DCD312A6AC7E}
[2011/09/10 14:23:38 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{12160AA7-8A9A-4CBA-903E-414EB6017F1D}
[2011/09/10 10:13:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B1B97B86-87EB-476A-898A-01927E6ED309}
[2011/09/09 12:24:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{511055CA-6573-411B-AC70-83E04DC2D422}
[2011/09/09 12:23:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B30E0CEF-B12F-45A6-951A-C291CE85D927}
[2011/09/08 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5BDC6696-C658-4331-97F5-56AD37CF9C07}
[2011/09/08 12:12:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5BA9619C-A0B8-4C24-97BD-71D2BB68ADC9}
[2011/09/08 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4F38CA54-1647-4C48-875F-3E941E1BFB79}
[2011/09/08 00:06:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A3C2D0D2-DF0F-411D-BBF6-77A7A910D738}
[2011/09/07 22:56:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4A780CE5-7E80-4D00-8618-F56F2DD3F18F}
[2011/09/07 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{57DC6D12-7129-4C58-8228-17881474995D}
[2011/09/07 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{98122639-0D3A-4561-ADF6-9B412F6104AC}
[2011/09/07 10:31:36 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6E211133-9BFA-4DE3-9641-454BEF403F66}
[2011/09/06 12:42:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0F047A87-428E-464F-A52E-8EC02F6BCDBA}
[2011/09/06 12:42:15 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2683D7B3-A51D-42F4-AAA2-86643E02B5EC}
[2011/09/06 10:14:37 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/06 10:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/09/06 10:03:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2F40745C-B084-4C81-974B-30848C1BCC83}
[2011/09/06 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{30FFF8BF-D845-46BC-9119-3D0D9A9D40AE}
[2011/09/05 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{834651D3-E89C-4632-82FA-97CA92D2D4D3}
[2011/09/05 10:25:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DAA12864-4000-4D1E-AC8C-554BF95E3752}
[2011/09/05 10:23:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E40FD1CD-DA47-4BD3-9BAA-3EF534B7D83E}
[2011/09/05 10:22:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{607775F0-E8D1-4C3E-BDC3-D17F20844D24}
[2011/09/04 22:56:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BCE8085E-C99F-4631-960B-C7BA9E81C477}
[2011/09/04 22:56:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BC708D99-9D45-4DE1-BCC4-8586D61F7BBA}
[2011/09/04 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{109AAA2F-7F95-41D6-ABE9-9AFFA6BFB6FB}
[2011/09/04 21:17:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AEC5771E-59C0-4003-8F78-B77568494A35}
[2009/07/04 14:50:58 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoinpa.dll
[2009/07/04 14:50:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoiesc.dll
[2009/07/04 14:50:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dldopmui.dll
[2009/07/04 14:50:56 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoserv.dll
[2009/07/04 14:50:56 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\dldousb1.dll
[2009/07/04 14:50:56 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldolmpm.dll
[2009/07/04 14:50:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoprox.dll
[2009/07/04 14:50:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomc.dll
[2009/07/04 14:50:55 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldohbn3.dll
[2009/07/04 14:50:55 | 000,595,184 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocoms.exe
[2009/07/04 14:50:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomm.dll
[2009/07/04 14:50:55 | 000,320,752 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoih.exe
[2009/07/04 14:50:54 | 000,365,808 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocfg.exe

========== Files - Modified Within 30 Days ==========

[2011/10/04 15:38:10 | 000,000,732 | ---- | M] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/10/04 11:42:52 | 000,633,966 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/10/04 11:13:26 | 000,000,486 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/10/04 10:19:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 10:05:57 | 004,242,780 | R--- | M] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/04 09:54:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 09:54:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 19:15:35 | 000,082,929 | ---- | M] () -- C:\Users\Eddie\Desktop\Hannan Flight Resume.pdf
[2011/09/30 13:05:02 | 000,044,544 | ---- | M] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 15:32:32 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 13:51:41 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/27 22:42:21 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/09/27 21:58:32 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/27 21:58:32 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/27 21:58:32 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/13 22:03:14 | 000,094,256 | ---- | M] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg
[2011/09/04 23:02:49 | 000,026,786 | ---- | M] () -- C:\Users\Eddie\Desktop\PinkElephant.jpg

========== Files Created - No Company Name ==========

[2011/10/04 11:42:49 | 000,633,966 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/09/30 13:11:02 | 000,000,732 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/09/28 17:57:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/28 17:57:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/28 17:57:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/28 17:57:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/28 17:57:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 22:42:21 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/09/13 22:03:12 | 000,094,256 | ---- | C] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg
[2011/09/04 23:02:48 | 000,026,786 | ---- | C] () -- C:\Users\Eddie\Desktop\PinkElephant.jpg
[2011/06/29 13:45:10 | 000,220,539 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/06/29 13:45:10 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2010/09/27 23:57:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/17 13:58:40 | 000,157,465 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/02/04 17:54:46 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/01/25 22:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Eddie\AppData\Roaming\wklnhst.dat
[2010/01/25 22:05:26 | 000,000,486 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 19:28:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 19:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 19:27:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 12:52:28 | 000,000,680 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps.dat
[2009/07/04 14:50:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\dldoinst.dll
[2009/07/04 14:50:58 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\dldocomx.dll
[2009/07/04 14:50:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldojswr.dll
[2009/07/04 14:50:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldoinsr.dll
[2009/07/04 14:50:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldocur.dll
[2009/07/04 14:50:57 | 000,503,808 | ---- | C] () -- C:\Windows\SysWow64\dldoutil.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoinsb.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoins.dll
[2009/07/04 14:50:57 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldocub.dll
[2009/07/04 14:50:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldocu.dll
[2009/07/04 14:50:54 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldocfg.dll
[2009/07/04 14:37:12 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/06/29 22:30:26 | 000,044,544 | ---- | C] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/21 02:07:23 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/06/21 01:59:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/20 23:44:34 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/07 15:17:04 | 000,088,840 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/03/07 15:16:30 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/03/07 15:15:28 | 000,234,248 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/09/21 13:05:51 | 000,000,000 | -HSD | M] -- C:\Users\Eddie\AppData\Roaming\888C743A
[2009/12/09 17:11:50 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\968 Series
[2009/10/26 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Amazon
[2010/02/06 19:00:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Digidesign
[2010/03/14 13:09:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Facebook
[2010/02/04 22:38:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 16:48:30 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Sling Media
[2010/02/04 18:36:17 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Structure
[2010/01/25 22:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Template
[2010/12/03 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Windows Live Writer
[2011/10/04 09:56:44 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1441 bytes -> C:\ProgramData\Microsoft:oUTAGjYserqgWPyQe8BR
@Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:mhUzGRUL1GLDU0ZM6nm
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

#8
Eduardotrojan

Combo Fix Log

ComboFix 11-10-04.04 - Eddie 10/04/2011 10:11:07.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.3229 [GMT -4:00]
Running from: c:\users\Eddie\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 14:19 . 2011-10-04 14:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F3D49A-C237-40C6-9A2D-A38D8B534F06}\offreg.dll
2011-10-04 14:19 . 2011-10-04 14:19 -------- d-----we c:\windows\system64
2011-10-04 14:18 . 2011-10-04 14:20 -------- d-----w- c:\users\Eddie\AppData\Local\temp
2011-10-04 14:18 . 2011-10-04 14:18 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-04 14:18 . 2011-10-04 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-02 01:30 . 2011-10-02 01:30 -------- d-----w- C:\_OTM
2011-09-30 16:54 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F3D49A-C237-40C6-9A2D-A38D8B534F06}\mpengine.dll
2011-09-29 21:05 . 2011-09-29 21:05 -------- d-----w- C:\_OTL
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 19:32 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 17:51 . 2011-09-28 17:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-28 17:49 . 2011-09-28 22:33 -------- d-----w- c:\programdata\Lavasoft
2011-09-21 17:05 . 2011-09-21 17:05 -------- d-sh--w- c:\users\Eddie\AppData\Roaming\888C743A
2011-09-13 21:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-13 21:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-06 14:14 . 2011-09-06 14:14 -------- d-----w- c:\windows\en
2011-09-06 14:10 . 2011-09-06 14:10 -------- d-----w- c:\program files\Windows Live
2011-09-06 14:10 . 2011-09-06 14:10 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-28 04:30 . 2011-08-28 04:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 11:31 . 2011-08-10 16:25 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:24 . 2011-08-10 16:24 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 11:23 . 2011-08-10 16:24 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 11:23 . 2011-08-10 16:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 11:23 . 2011-08-10 16:24 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 11:04 . 2011-08-10 16:25 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-23 11:00 . 2011-08-10 16:24 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 16:25 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 16:24 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-07-23 10:59 . 2011-08-10 16:24 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-07-23 10:31 . 2011-08-10 16:24 479232 ----a-w- c:\windows\system32\html.iec
2011-07-23 10:03 . 2011-08-10 16:24 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-07-23 09:50 . 2011-08-10 16:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:48 . 2011-08-10 16:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 09:27 . 2011-08-10 16:24 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 16:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-11 13:45 . 2011-08-28 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-11 13:25 . 2011-08-28 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-06 15:49 . 2011-08-10 16:25 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-03-07 95496]
"FAStartup"="" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-06-18 77824]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
.
c:\users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-03-07 19:15 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 1044720]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe [2007-10-05 34032]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-03-07 2360584]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\DRIVERS\mausbft.sys [x]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1657128]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2009-02-11 634888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"MemoryCardManager"="c:\program files (x86)\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"dldomon.exe"="c:\program files (x86)\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-10-04 10:26:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-04 14:26
ComboFix2.txt 2011-10-04 01:18
ComboFix3.txt 2011-09-30 19:28
ComboFix4.txt 2011-09-28 22:25
.
Pre-Run: 173,721,272,320 bytes free
Post-Run: 173,661,163,520 bytes free
.
- - End Of File - - 3E95317D2B498F33907CABD92070D2B5

#9
maliprog

Hi Eduardotrojan,

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/10/03 18:52:13 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{09C453B6-8ED1-4858-B604-982918A604A0}
    [2011/10/03 18:51:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{787C086A-692A-4F53-92F8-8B23A5234D34}
    [2011/10/03 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D166D378-3744-453B-A2A3-4B803FB19011}
    [2011/10/03 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{14484E09-CC0E-4754-BA4D-409876CAE39A}
    [2011/10/02 19:08:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D6643E4D-E63B-43E4-B808-DD8952D5E5F8}
    [2011/10/02 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{50825DB4-1DD8-4424-836C-1A20BC4F4913}
    [2011/10/01 15:55:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5A04FB9E-3A2C-4B39-9945-B8632BDE37A8}
    [2011/10/01 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{ACACCCCB-09B8-4916-9BA0-75C764383C4C}
    [2011/09/30 12:30:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0BDC9C8C-2D9B-4ED5-9275-B9A875E0218F}
    [2011/09/30 12:30:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D5398BD5-F1AA-42C5-96C1-890C3C496964}
    [2011/09/29 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{867D776B-21DA-40CB-873A-0E30A63FD83A}
    [2011/09/29 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D1E16AAF-0113-42C6-9E39-F38BE967FA77}
    [2011/09/28 10:45:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{59037DF7-88F6-4DE3-9910-1E413497085C}
    [2011/09/28 10:44:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C7DECBEA-FA01-409D-B3D7-33E8BF2A755E}
    [2011/09/27 22:23:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4D8AB078-DF0B-442C-A517-6433D4602583}
    [2011/09/27 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{92EC7465-CCDF-42FF-922C-13A766BF0CCA}
    [2011/09/27 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DB4C806F-32CE-4569-AA84-EE2981D87F45}
    [2011/09/27 19:04:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4D6C8DF3-DA16-4222-AFF0-F7345A9417FC}
    [2011/09/26 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C27E97BA-E07A-4920-A0E9-9F3143232148}
    [2011/09/26 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{D0E84954-175B-4800-B9B5-60FCC3835BB8}
    [2011/09/26 19:21:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{CC658B85-D18B-47A1-A5B3-78B06860DED1}
    [2011/09/25 11:18:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9851104D-EB88-4FE6-9C7F-831340CCBFD0}
    [2011/09/24 14:26:55 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A8765A34-E574-4DCF-856D-25A830F3D6D0}
    [2011/09/24 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{91B40AD4-A3AA-415B-A3F5-2B4E120E2C74}
    [2011/09/23 13:22:33 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6B168EB2-001D-4F48-8724-8E8A36EE7CB2}
    [2011/09/23 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{21D8F1BE-E83E-42D2-AB4E-E99DDEB49BCD}
    [2011/09/22 23:42:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{9B339570-F9A5-41FE-8936-C7EF02828C52}
    [2011/09/22 23:41:41 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7938C6AD-3EA5-47EA-A07F-AACE8562344F}
    [2011/09/22 11:01:27 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B0FA220E-D2AF-4847-BCB0-215D617C082A}
    [2011/09/22 11:01:16 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{34E7E47C-D17E-404C-888E-BA7665315A05}
    [2011/09/21 23:00:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{63388E45-B2EE-4909-93FC-8A9B8F5F0A64}
    [2011/09/21 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{581F50DF-E9C7-43F7-8690-93F850F5075F}
    [2011/09/21 13:05:51 | 000,000,000 | -HSD | C] -- C:\Users\Eddie\AppData\Roaming\888C743A
    [2011/09/21 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B6601F8F-E1E5-407D-B729-A9749BC5526F}
    [2011/09/21 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{7DFE8EF3-7864-4038-A3E0-BEE4D4777920}
    [2011/09/21 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{63DDFE95-C8C6-43B5-A5F7-AA07F8B455FE}
    [2011/09/21 09:43:12 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EA553DF5-E4C6-4A35-A138-4A711A4B8FBB}
    [2011/09/20 09:46:29 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{33B0A467-E9D0-45AF-9157-E11EBAEA5426}
    [2011/09/20 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C50581AF-F9AA-4988-AAB4-2C5AA1D91374}
    [2011/09/19 21:27:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AB6FFCEB-04CE-41E6-85D0-2ED91E4C4C0E}
    [2011/09/19 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3A2BF5F6-0FEA-475E-97D3-92247F96F86D}
    [2011/09/19 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{EAF75024-EE23-43D2-9610-D6207DF1EF64}
    [2011/09/19 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B3FDF80C-9874-4EE0-AA08-3C34E9D78D89}
    [2011/09/18 16:50:44 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{35DE1D38-B1C1-409C-9829-CAA6706C1B33}
    [2011/09/18 10:28:14 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E5710D4F-0660-4811-9901-AD16E08F773F}
    [2011/09/17 00:28:36 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C78A7E11-56C5-4072-AFAD-A7E9D059508C}
    [2011/09/17 00:28:03 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{831D6599-7548-4405-A96C-B0A826A6290C}
    [2011/09/16 12:13:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FAFAEF2B-49E6-431B-AF7C-85E10C67365C}
    [2011/09/16 12:13:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FFB1B29E-2B3B-43E5-9609-BA41DAD2FAB0}
    [2011/09/15 22:02:01 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1C8A0A77-B3AA-44EC-8B74-B40C896BA008}
    [2011/09/15 22:01:51 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AC122C08-F3B4-42B1-8DAD-9CD54E0261A7}
    [2011/09/15 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2F6F223C-1CBA-49D2-9168-A5BDF433ADE9}
    [2011/09/15 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{09C3399C-5C76-4C98-8EC3-DA3647A43633}
    [2011/09/14 22:22:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{944EAD6C-F46C-4E0D-93FB-5FEAD9C42F9E}
    [2011/09/14 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0281EB9F-267D-4084-8A5A-DD6DBFD6A57C}
    [2011/09/14 10:02:18 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{644F67FB-EFC8-4325-BA26-2A160DD90420}
    [2011/09/13 19:05:00 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C097E518-15BA-457D-B864-4AF53CAF3F06}
    [2011/09/13 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{C56F39FA-DECC-4E3D-9666-EED91744D005}
    [2011/09/13 19:04:22 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{085C5AFA-2C48-493B-A74C-3A1389C03868}
    [2011/09/13 15:55:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1B29EDC5-D4E1-4E67-8DBC-6F0527802F82}
    [2011/09/13 13:10:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6B674FD9-5261-47F7-8047-52F05EA0957A}
    [2011/09/13 13:09:52 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{1E0A09B6-C89A-4308-9B15-2551341754AA}
    [2011/09/12 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{3C94ED53-5A93-4255-8D0D-EEC986C5CCBF}
    [2011/09/12 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E49B4366-993E-4828-81E2-470997BA8527}
    [2011/09/11 12:29:07 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{FDC239D5-A29F-4668-813F-DC9C95F211BA}
    [2011/09/11 12:28:56 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A2ABF1F1-8733-4A47-9055-E873119718BE}
    [2011/09/10 14:23:49 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{22CEB281-771E-4C2F-9D78-DCD312A6AC7E}
    [2011/09/10 14:23:38 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{12160AA7-8A9A-4CBA-903E-414EB6017F1D}
    [2011/09/10 10:13:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B1B97B86-87EB-476A-898A-01927E6ED309}
    [2011/09/09 12:24:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{511055CA-6573-411B-AC70-83E04DC2D422}
    [2011/09/09 12:23:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{B30E0CEF-B12F-45A6-951A-C291CE85D927}
    [2011/09/08 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5BDC6696-C658-4331-97F5-56AD37CF9C07}
    [2011/09/08 12:12:08 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{5BA9619C-A0B8-4C24-97BD-71D2BB68ADC9}
    [2011/09/08 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4F38CA54-1647-4C48-875F-3E941E1BFB79}
    [2011/09/08 00:06:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{A3C2D0D2-DF0F-411D-BBF6-77A7A910D738}
    [2011/09/07 22:56:42 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{4A780CE5-7E80-4D00-8618-F56F2DD3F18F}
    [2011/09/07 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{57DC6D12-7129-4C58-8228-17881474995D}
    [2011/09/07 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{98122639-0D3A-4561-ADF6-9B412F6104AC}
    [2011/09/07 10:31:36 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{6E211133-9BFA-4DE3-9641-454BEF403F66}
    [2011/09/06 12:42:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{0F047A87-428E-464F-A52E-8EC02F6BCDBA}
    [2011/09/06 12:42:15 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2683D7B3-A51D-42F4-AAA2-86643E02B5EC}
    [2011/09/06 10:03:21 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{2F40745C-B084-4C81-974B-30848C1BCC83}
    [2011/09/06 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{30FFF8BF-D845-46BC-9119-3D0D9A9D40AE}
    [2011/09/05 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{834651D3-E89C-4632-82FA-97CA92D2D4D3}
    [2011/09/05 10:25:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{DAA12864-4000-4D1E-AC8C-554BF95E3752}
    [2011/09/05 10:23:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{E40FD1CD-DA47-4BD3-9BAA-3EF534B7D83E}
    [2011/09/05 10:22:53 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{607775F0-E8D1-4C3E-BDC3-D17F20844D24}
    [2011/09/04 22:56:47 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BCE8085E-C99F-4631-960B-C7BA9E81C477}
    [2011/09/04 22:56:26 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{BC708D99-9D45-4DE1-BCC4-8586D61F7BBA}
    [2011/09/04 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{109AAA2F-7F95-41D6-ABE9-9AFFA6BFB6FB}
    [2011/09/04 21:17:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\{AEC5771E-59C0-4003-8F78-B77568494A35}
    @Alternate Data Stream - 1441 bytes -> C:\ProgramData\Microsoft:oUTAGjYserqgWPyQe8BR
    @Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:mhUzGRUL1GLDU0ZM6nm
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Run OTL again
  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
    Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

%systemroot%\*.* /RP /s
%systemroot%\*. /RP /s

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open notepad windows with OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file.

Step 5

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • aswMBR log
  • OTL scan log
It would be helpful if you could post each log in a separate post.

#10
Eduardotrojan

OTL Fix Log:

========== OTL ==========
ADS C:\ProgramData\Microsoft:oUTAGjYserqgWPyQe8BR deleted successfully.
ADS C:\ProgramData\Microsoft:mhUzGRUL1GLDU0ZM6nm deleted successfully.
Mount Point C:\Windows\system64 removed successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.29.1 log created on 10052011_123907

#11
Eduardotrojan

TDSS killer:

12:44:50.0062 1824 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
12:44:50.0374 1824 ============================================================
12:44:50.0374 1824 Current date / time: 2011/10/05 12:44:50.0374
12:44:50.0374 1824 SystemInfo:
12:44:50.0374 1824
12:44:50.0374 1824 OS Version: 6.0.6002 ServicePack: 2.0
12:44:50.0374 1824 Product type: Workstation
12:44:50.0374 1824 ComputerName: EDDIES-DELL
12:44:50.0374 1824 UserName: Eddie
12:44:50.0374 1824 Windows directory: C:\Windows
12:44:50.0374 1824 System windows directory: C:\Windows
12:44:50.0374 1824 Running under WOW64
12:44:50.0374 1824 Processor architecture: Intel x64
12:44:50.0374 1824 Number of processors: 2
12:44:50.0374 1824 Page size: 0x1000
12:44:50.0374 1824 Boot type: Safe boot with network
12:44:50.0374 1824 ============================================================
12:44:51.0778 1824 Initialize success
12:44:55.0179 1428 ============================================================
12:44:55.0179 1428 Scan started
12:44:55.0179 1428 Mode: Manual;
12:44:55.0179 1428 ============================================================
12:45:03.0790 1428 sdbus - ok
12:45:03.0837 1428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:45:03.0837 1428 secdrv - ok
12:45:03.0868 1428 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
12:45:03.0868 1428 Serenum - ok
12:45:03.0899 1428 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
12:45:03.0899 1428 Serial - ok
12:45:03.0915 1428 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
12:45:03.0915 1428 sermouse - ok
12:45:03.0977 1428 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
12:45:03.0977 1428 sffdisk - ok
12:45:03.0993 1428 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
12:45:03.0993 1428 sffp_mmc - ok
12:45:04.0024 1428 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:45:04.0024 1428 sffp_sd - ok
12:45:04.0039 1428 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
12:45:04.0039 1428 sfloppy - ok
12:45:04.0071 1428 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
12:45:04.0071 1428 SiSRaid2 - ok
12:45:04.0086 1428 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
12:45:04.0102 1428 SiSRaid4 - ok
12:45:04.0133 1428 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
12:45:04.0133 1428 Smb - ok
12:45:04.0180 1428 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
12:45:04.0180 1428 spldr - ok
12:45:04.0242 1428 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
12:45:04.0242 1428 srv - ok
12:45:04.0273 1428 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
12:45:04.0273 1428 srv2 - ok
12:45:04.0305 1428 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
12:45:04.0305 1428 srvnet - ok
12:45:04.0383 1428 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
12:45:04.0383 1428 STHDA - ok
12:45:04.0429 1428 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
12:45:04.0429 1428 StillCam - ok
12:45:04.0476 1428 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
12:45:04.0476 1428 swenum - ok
12:45:04.0507 1428 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
12:45:04.0507 1428 Symc8xx - ok
12:45:04.0523 1428 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
12:45:04.0523 1428 Sym_hi - ok
12:45:04.0539 1428 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
12:45:04.0554 1428 Sym_u3 - ok
12:45:04.0601 1428 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
12:45:04.0601 1428 SynTP - ok
12:45:04.0679 1428 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
12:45:04.0710 1428 Tcpip - ok
12:45:04.0741 1428 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
12:45:04.0757 1428 Tcpip6 - ok
12:45:04.0773 1428 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
12:45:04.0773 1428 tcpipreg - ok
12:45:04.0804 1428 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
12:45:04.0804 1428 TDPIPE - ok
12:45:04.0835 1428 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
12:45:04.0835 1428 TDTCP - ok
12:45:04.0882 1428 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
12:45:04.0882 1428 tdx - ok
12:45:04.0929 1428 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
12:45:04.0929 1428 TermDD - ok
12:45:05.0007 1428 Tpkd (e36c2b04b7eb90a7c3e29ebdfc3a8d30) C:\Windows\system32\drivers\Tpkd.sys
12:45:05.0007 1428 Tpkd - ok
12:45:05.0038 1428 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:45:05.0038 1428 tssecsrv - ok
12:45:05.0069 1428 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
12:45:05.0069 1428 tunmp - ok
12:45:05.0116 1428 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
12:45:05.0116 1428 tunnel - ok
12:45:05.0147 1428 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
12:45:05.0147 1428 uagp35 - ok
12:45:05.0178 1428 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
12:45:05.0178 1428 udfs - ok
12:45:05.0241 1428 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
12:45:05.0241 1428 uliagpkx - ok
12:45:05.0256 1428 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
12:45:05.0256 1428 uliahci - ok
12:45:05.0287 1428 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
12:45:05.0287 1428 UlSata - ok
12:45:05.0303 1428 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
12:45:05.0319 1428 ulsata2 - ok
12:45:05.0334 1428 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
12:45:05.0334 1428 umbus - ok
12:45:05.0381 1428 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:45:05.0397 1428 USBAAPL64 - ok
12:45:05.0428 1428 usbaudio (471474efa0640b426e9f8aa5a5fc2673) C:\Windows\system32\drivers\usbaudio.sys
12:45:05.0428 1428 usbaudio - ok
12:45:05.0506 1428 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
12:45:05.0506 1428 usbccgp - ok
12:45:05.0521 1428 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
12:45:05.0521 1428 usbcir - ok
12:45:05.0553 1428 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
12:45:05.0553 1428 usbehci - ok
12:45:05.0615 1428 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
12:45:05.0631 1428 usbhub - ok
12:45:05.0646 1428 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
12:45:05.0646 1428 usbohci - ok
12:45:05.0693 1428 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
12:45:05.0693 1428 usbprint - ok
12:45:05.0740 1428 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
12:45:05.0740 1428 usbscan - ok
12:45:05.0755 1428 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:45:05.0755 1428 USBSTOR - ok
12:45:05.0818 1428 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
12:45:05.0818 1428 usbuhci - ok
12:45:05.0849 1428 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:05.0849 1428 vga - ok
12:45:05.0865 1428 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
12:45:05.0865 1428 VgaSave - ok
12:45:05.0896 1428 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
12:45:05.0896 1428 viaide - ok
12:45:05.0943 1428 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
12:45:05.0943 1428 volmgr - ok
12:45:05.0989 1428 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
12:45:05.0989 1428 volmgrx - ok
12:45:06.0052 1428 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
12:45:06.0052 1428 volsnap - ok
12:45:06.0067 1428 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
12:45:06.0067 1428 vsmraid - ok
12:45:06.0099 1428 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
12:45:06.0099 1428 WacomPen - ok
12:45:06.0145 1428 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:06.0145 1428 Wanarp - ok
12:45:06.0145 1428 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:06.0145 1428 Wanarpv6 - ok
12:45:06.0177 1428 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
12:45:06.0177 1428 Wd - ok
12:45:06.0208 1428 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
12:45:06.0208 1428 WDC_SAM - ok
12:45:06.0239 1428 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
12:45:06.0270 1428 Wdf01000 - ok
12:45:06.0364 1428 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:45:06.0364 1428 WmiAcpi - ok
12:45:06.0442 1428 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
12:45:06.0442 1428 WpdUsb - ok
12:45:06.0473 1428 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:06.0473 1428 ws2ifsl - ok
12:45:06.0535 1428 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
12:45:06.0535 1428 WSDPrintDevice - ok
12:45:06.0582 1428 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:06.0582 1428 WUDFRd - ok
12:45:06.0629 1428 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
12:45:06.0645 1428 \Device\Harddisk0\DR0 - ok
12:45:06.0660 1428 Boot (0x1200) (f9f9a17fbe6b2ff973b24d8f4e1de333) \Device\Harddisk0\DR0\Partition0
12:45:06.0660 1428 \Device\Harddisk0\DR0\Partition0 - ok
12:45:06.0676 1428 Boot (0x1200) (c2642dd03f7cefde8a8ff1850769fbea) \Device\Harddisk0\DR0\Partition1
12:45:06.0676 1428 \Device\Harddisk0\DR0\Partition1 - ok
12:45:06.0676 1428 ============================================================
12:45:06.0676 1428 Scan finished
12:45:06.0676 1428 ============================================================
12:45:06.0676 1524 Detected object count: 0
12:45:06.0676 1524 Actual detected object count: 0
  • 0

#12
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • 29 posts
I ran into a little snafu when running the aswMBR program. Each time I ran it (twice) I got the blue death screen and the computer crashed and then rebooted. I went ahead and ran the OTL log and will post the log as soon as I can. For some reason I keep timing out when I try and reply with the log pasted in.
  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Eduardotrojan,

Skip aswMBR scan for now. Do last step, OTL scan, and post log here for me.
  • 0

#14
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • 29 posts
Again today I cannot post or attach the OTL log. I continue to get a "timeout connection reset" when I try to add a reply to this topic. I don't know if the text is so much that it takes too long or what but I have tried at least 12 times.
  • 0

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
The log is too big I think. Please ZIP it and then attach it to your next reply.
  • 0





