TR/DNSchanger.vj.2 is found by Antivir and is persistent


  • This topic is locked

#31
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We need to try these two steps...

Step 1

Please remove your version of Combofix and download a new one. Run it as you did before and post the new log here for me.

Step 2

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

/md5start
consrv.dll
winsrv.dll
/md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • OTL log
It would be helpful if you could post each log in a separate post


#32
Eduardotrojan

  • Topic Starter
  • Member
  • 29 posts
ComboFix 11-10-12.01 - Eddie 10/12/2011 12:17:58.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2535 [GMT -4:00]
Running from: c:\users\Eddie\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\System64
.
c:\windows\SysWow64\userinit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 16:31 . 2011-10-12 16:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE985829-214D-4231-BD2C-6D780171451D}\offreg.dll
2011-10-12 16:31 . 2011-10-12 16:31 -------- d-----we c:\windows\system64
2011-10-12 16:29 . 2011-10-12 16:29 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-12 16:29 . 2011-10-12 16:33 -------- d-----w- c:\users\Eddie\AppData\Local\temp
2011-10-12 16:29 . 2011-10-12 16:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-11 12:53 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE985829-214D-4231-BD2C-6D780171451D}\mpengine.dll
2011-10-07 14:06 . 2011-10-07 14:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-02 01:30 . 2011-10-02 01:30 -------- d-----w- C:\_OTM
2011-09-29 21:05 . 2011-09-29 21:05 -------- d-----w- C:\_OTL
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 19:32 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 17:51 . 2011-09-28 17:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-28 17:49 . 2011-09-28 22:33 -------- d-----w- c:\programdata\Lavasoft
2011-09-13 21:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-13 21:14 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 14:10 . 2011-09-06 14:10 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-28 04:30 . 2011-08-28 04:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-23 11:31 . 2011-08-10 16:25 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:24 . 2011-08-10 16:24 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 11:23 . 2011-08-10 16:24 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 11:23 . 2011-08-10 16:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 11:23 . 2011-08-10 16:24 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 11:04 . 2011-08-10 16:25 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-23 11:00 . 2011-08-10 16:24 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-07-23 10:59 . 2011-08-10 16:25 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-07-23 10:59 . 2011-08-10 16:24 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-07-23 10:59 . 2011-08-10 16:24 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-07-23 10:31 . 2011-08-10 16:24 479232 ----a-w- c:\windows\system32\html.iec
2011-07-23 10:03 . 2011-08-10 16:24 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-07-23 09:50 . 2011-08-10 16:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:48 . 2011-08-10 16:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 09:27 . 2011-08-10 16:24 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-07-23 09:25 . 2011-08-10 16:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-03-07 95496]
"FAStartup"="" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-06-18 77824]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
.
c:\users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-03-07 19:15 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe [2007-10-05 34032]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\DRIVERS\mausbft.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 1044720]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-03-07 2360584]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1657128]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2009-02-11 634888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"MemoryCardManager"="c:\program files (x86)\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"dldomon.exe"="c:\program files (x86)\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-10-12 12:40:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 16:40
ComboFix2.txt 2011-10-10 17:04
ComboFix3.txt 2011-10-04 14:26
ComboFix4.txt 2011-10-04 01:18
ComboFix5.txt 2011-10-12 16:14
.
Pre-Run: 168,111,656,960 bytes free
Post-Run: 168,067,756,032 bytes free
.
- - End Of File - - 02F04DB8DE4E1AE38146F59C4704DED5

#33
Eduardotrojan

  • Topic Starter
  • Member
  • 29 posts
OTL logfile created on: 10/12/2011 12:43:09 PM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Eddie\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.85% Memory free
8.09 Gb Paging File | 6.14 Gb Available in Paging File | 75.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 156.57 Gb Free Space | 55.25% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.75 Gb Free Space | 52.90% Space Free | Partition Type: NTFS

Computer Name: EDDIES-DELL | User Name: Eddie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
PRC - [2011/09/28 08:59:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/02 17:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/03/07 15:16:26 | 001,934,600 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2009/03/07 15:16:26 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/11 12:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
PRC - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/28 08:59:14 | 001,015,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/03/07 15:17:04 | 000,088,840 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2009/03/07 15:16:30 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2009/03/07 15:15:28 | 000,234,248 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
MOD - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
MOD - [2007/09/06 16:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldoscw.dll
MOD - [2007/08/01 04:15:51 | 000,077,906 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocfg.dll
MOD - [2007/05/03 11:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldodatr.dll
MOD - [2007/04/09 09:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\DLDOptp.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/20 04:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/20 04:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV:64bit: - [2007/10/05 13:31:08 | 001,044,720 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldocoms.exe -- (dldo_device)
SRV - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/06/18 12:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dldocoms.exe -- (dldo_device)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/30 18:37:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 18:37:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/21 15:40:06 | 000,103,272 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/20 04:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/02/11 09:47:50 | 000,185,864 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mausbft.sys -- (MAUSBFT)
DRV:64bit: - [2009/02/10 05:40:28 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/02/10 05:40:26 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/26 03:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/26 02:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 11:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/08 05:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/09/16 05:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/16 05:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/16 05:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.1.119
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eddie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 22:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/01 22:27:31 | 000,000,000 | ---D | M]

[2009/06/27 19:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Extensions
[2011/10/11 23:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions
[2011/05/13 16:48:27 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/10/09 20:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/22 12:44:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/18 00:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/12 12:33:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" File not found
O4:64bit: - HKLM..\Run: [dldomon.exe] C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4256B9A-C8A6-44DB-8C18-7B71AE3A41C0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 12:40:16 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\temp
[2011/10/12 12:33:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/12 12:31:24 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/12 11:54:30 | 004,255,709 | R--- | C] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/08 17:17:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\tdsskiller
[2011/10/08 17:01:22 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\Eddie\Desktop\antizeroaccess.exe
[2011/10/07 10:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/05 12:32:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
[2011/10/04 10:26:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/01 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\GooredFix Backups
[2011/10/01 21:30:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/30 13:02:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/29 17:05:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/28 18:38:06 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
[2011/09/28 17:57:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/28 17:57:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 17:57:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 17:57:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 17:57:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Malwarebytes
[2011/09/28 15:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 15:32:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 15:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/28 13:51:42 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/28 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/04 14:50:58 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoinpa.dll
[2009/07/04 14:50:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoiesc.dll
[2009/07/04 14:50:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dldopmui.dll
[2009/07/04 14:50:56 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoserv.dll
[2009/07/04 14:50:56 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\dldousb1.dll
[2009/07/04 14:50:56 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldolmpm.dll
[2009/07/04 14:50:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoprox.dll
[2009/07/04 14:50:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomc.dll
[2009/07/04 14:50:55 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldohbn3.dll
[2009/07/04 14:50:55 | 000,595,184 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocoms.exe
[2009/07/04 14:50:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomm.dll
[2009/07/04 14:50:55 | 000,320,752 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoih.exe
[2009/07/04 14:50:54 | 000,365,808 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocfg.exe

========== Files - Modified Within 30 Days ==========

[2011/10/12 12:38:41 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/12 12:38:41 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/12 12:38:41 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/12 12:33:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/12 12:31:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 12:31:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 12:31:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 12:31:23 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 11:55:05 | 004,255,709 | R--- | M] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/09 23:08:04 | 000,000,732 | ---- | M] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/10/09 12:09:38 | 000,080,384 | ---- | M] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
[2011/10/08 17:36:37 | 000,648,214 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
[2011/10/08 17:16:47 | 001,539,630 | ---- | M] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
[2011/10/08 17:01:23 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\Eddie\Desktop\antizeroaccess.exe
[2011/10/07 10:05:48 | 098,668,152 | ---- | M] () -- C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
[2011/10/07 10:01:58 | 000,002,316 | ---- | M] () -- C:\Users\Eddie\Desktop\h29MRNfE.htm.part
[2011/10/06 17:36:04 | 000,681,545 | ---- | M] () -- C:\Users\Eddie\Desktop\OTL (2).zip
[2011/10/06 17:30:07 | 000,681,545 | ---- | M] () -- C:\Users\Eddie\Desktop\OTL.zip
[2011/10/05 12:54:50 | 408,035,674 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/05 12:33:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
[2011/10/04 11:42:52 | 000,633,966 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/10/04 11:13:26 | 000,000,486 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/10/02 19:15:35 | 000,082,929 | ---- | M] () -- C:\Users\Eddie\Desktop\Hannan Flight Resume.pdf
[2011/09/30 13:05:02 | 000,044,544 | ---- | M] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 13:51:41 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/27 22:42:21 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/09/13 22:03:14 | 000,094,256 | ---- | M] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg

========== Files Created - No Company Name ==========

[2011/10/10 12:34:13 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/09 12:09:36 | 000,080,384 | ---- | C] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
[2011/10/08 17:36:32 | 000,648,214 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
[2011/10/08 17:16:43 | 001,539,630 | ---- | C] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
[2011/10/07 10:04:27 | 098,668,152 | ---- | C] () -- C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
[2011/10/07 10:01:57 | 000,002,316 | ---- | C] () -- C:\Users\Eddie\Desktop\h29MRNfE.htm.part
[2011/10/06 17:36:03 | 000,681,545 | ---- | C] () -- C:\Users\Eddie\Desktop\OTL (2).zip
[2011/10/06 17:30:07 | 000,681,545 | ---- | C] () -- C:\Users\Eddie\Desktop\OTL.zip
[2011/10/04 11:42:49 | 000,633,966 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/09/30 13:11:02 | 000,000,732 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/09/28 17:57:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/28 17:57:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/28 17:57:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/28 17:57:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/28 17:57:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 22:42:21 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/09/13 22:03:12 | 000,094,256 | ---- | C] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg
[2011/06/29 13:45:10 | 000,220,539 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/06/29 13:45:10 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2010/09/27 23:57:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/17 13:58:40 | 000,157,465 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/02/04 17:54:46 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/01/25 22:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Eddie\AppData\Roaming\wklnhst.dat
[2010/01/25 22:05:26 | 000,000,486 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 19:28:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 19:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 19:27:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 12:52:28 | 000,000,680 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps.dat
[2009/07/04 14:50:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\dldoinst.dll
[2009/07/04 14:50:58 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\dldocomx.dll
[2009/07/04 14:50:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldojswr.dll
[2009/07/04 14:50:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldoinsr.dll
[2009/07/04 14:50:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldocur.dll
[2009/07/04 14:50:57 | 000,503,808 | ---- | C] () -- C:\Windows\SysWow64\dldoutil.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoinsb.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoins.dll
[2009/07/04 14:50:57 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldocub.dll
[2009/07/04 14:50:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldocu.dll
[2009/07/04 14:50:54 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldocfg.dll
[2009/07/04 14:37:12 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/06/29 22:30:26 | 000,044,544 | ---- | C] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/21 02:07:23 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/06/21 01:59:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/20 23:44:34 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/07 15:17:04 | 000,088,840 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/03/07 15:16:30 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/03/07 15:15:28 | 000,234,248 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/12/09 17:11:50 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\968 Series
[2009/10/26 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Amazon
[2010/02/06 19:00:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Digidesign
[2010/03/14 13:09:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Facebook
[2010/02/04 22:38:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 16:48:30 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Sling Media
[2010/02/04 18:36:17 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Structure
[2010/01/25 22:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Template
[2010/12/03 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Windows Live Writer
[2011/10/12 12:30:18 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CONSRV.DLL >
[2008/01/20 22:50:24 | 000,053,760 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\consrv.dll
[2008/01/20 22:50:24 | 000,053,760 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system64\consrv.dll

< MD5 for: WINSRV.DLL >
[2011/06/17 11:31:54 | 000,451,072 | ---- | M] (Microsoft Corporation) MD5=1963C9D71F401DA6E01741D0DBFD82CB -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.22662_none_14ce71156b255f5b\winsrv.dll
[2011/04/20 11:16:49 | 000,450,048 | ---- | M] (Microsoft Corporation) MD5=2D94E4CE322F12061D3FA7DBE65E9AC5 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.18638_none_1284d01654c3b456\winsrv.dll
[2011/06/17 12:16:33 | 000,451,072 | ---- | M] (Microsoft Corporation) MD5=316FCE1F71320844790E83B1C5CDEA99 -- C:\Windows\SysNative\winsrv.dll
[2011/06/17 12:16:33 | 000,451,072 | ---- | M] (Microsoft Corporation) MD5=316FCE1F71320844790E83B1C5CDEA99 -- C:\Windows\system64\winsrv.dll
[2011/06/17 12:16:33 | 000,451,072 | ---- | M] (Microsoft Corporation) MD5=316FCE1F71320844790E83B1C5CDEA99 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.18484_none_1431332052162cfa\winsrv.dll
[2011/04/20 11:38:31 | 000,450,560 | ---- | M] (Microsoft Corporation) MD5=33353C4E98C0CCF7E2A817536EB58985 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.22628_none_14ffb2816aff87a1\winsrv.dll
[2009/04/11 03:11:28 | 000,450,560 | ---- | M] (Microsoft Corporation) MD5=36F234FD1AA7BAE559BB1C483FC76286 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.18005_none_1488ab3251d4722d\winsrv.dll
[2008/01/20 22:49:09 | 000,450,048 | ---- | M] (Microsoft Corporation) MD5=A9C654098A5CA39618DA9D022A6691B8 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.18000_none_129d322654b2a6e1\winsrv.dll
[2011/04/20 10:59:09 | 000,450,048 | ---- | M] (Microsoft Corporation) MD5=CCCFC223E76D14E622D8F2BB5E90B58D -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.22904_none_132adf496dcc953f\winsrv.dll
[2011/04/20 12:03:39 | 000,451,072 | ---- | M] (Microsoft Corporation) MD5=E5E5E593D4850B0AA24CF58B552147F3 -- C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.18456_none_1453a37851fc0bd5\winsrv.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

#34
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This infection infected your system files and made changes to your registry. We need to try and find all these changes and restore your settings. Please bear with me...

Run OTL again

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems 

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me.


#35
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • 29 posts
You are doing me a huge favor so I will do anything you ask!


OTL logfile created on: 10/12/2011 4:41:06 PM - Run 7
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Eddie\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 60.08% Memory free
8.12 Gb Paging File | 6.29 Gb Available in Paging File | 77.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 156.57 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.75 Gb Free Space | 52.90% Space Free | Partition Type: NTFS

Computer Name: EDDIES-DELL | User Name: Eddie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
PRC - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/02 17:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/03/07 15:16:26 | 001,934,600 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2009/03/07 15:16:26 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/11 12:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/20 22:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
PRC - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/03/07 15:17:04 | 000,088,840 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2009/03/07 15:16:30 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2009/03/07 15:15:28 | 000,234,248 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
MOD - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
MOD - [2007/09/06 16:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldoscw.dll
MOD - [2007/08/01 04:15:51 | 000,077,906 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocfg.dll
MOD - [2007/05/03 11:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldodatr.dll
MOD - [2007/04/09 09:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\DLDOptp.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/20 04:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/20 04:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV:64bit: - [2007/10/05 13:31:08 | 001,044,720 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldocoms.exe -- (dldo_device)
SRV - [2011/06/30 18:37:41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 00:08:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/06/18 12:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dldocoms.exe -- (dldo_device)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/30 18:37:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 18:37:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/21 15:40:06 | 000,103,272 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/20 04:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/02/11 09:47:50 | 000,185,864 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mausbft.sys -- (MAUSBFT)
DRV:64bit: - [2009/02/10 05:40:28 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/02/10 05:40:26 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/26 03:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/26 02:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 11:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/08 05:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/09/16 05:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/16 05:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/16 05:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.1.119
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eddie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 22:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/01 22:27:31 | 000,000,000 | ---D | M]

[2009/06/27 19:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Extensions
[2011/10/11 23:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions
[2011/05/13 16:48:27 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/10/09 20:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/22 12:44:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/18 00:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/12 12:33:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" File not found
O4:64bit: - HKLM..\Run: [dldomon.exe] C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4256B9A-C8A6-44DB-8C18-7B71AE3A41C0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 12:40:16 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\temp
[2011/10/12 12:33:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/12 12:31:24 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/12 11:54:30 | 004,255,709 | R--- | C] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/08 17:17:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\tdsskiller
[2011/10/08 17:01:22 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\Eddie\Desktop\antizeroaccess.exe
[2011/10/07 10:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/05 12:32:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
[2011/10/04 10:26:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/01 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\GooredFix Backups
[2011/10/01 21:30:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/30 13:02:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/29 17:05:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/28 18:38:06 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
[2011/09/28 17:57:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/28 17:57:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 17:57:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 17:57:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 17:57:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Malwarebytes
[2011/09/28 15:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 15:32:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 15:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/28 13:51:42 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/28 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/04 14:50:58 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoinpa.dll
[2009/07/04 14:50:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoiesc.dll
[2009/07/04 14:50:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dldopmui.dll
[2009/07/04 14:50:56 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoserv.dll
[2009/07/04 14:50:56 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\dldousb1.dll
[2009/07/04 14:50:56 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldolmpm.dll
[2009/07/04 14:50:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoprox.dll
[2009/07/04 14:50:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomc.dll
[2009/07/04 14:50:55 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldohbn3.dll
[2009/07/04 14:50:55 | 000,595,184 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocoms.exe
[2009/07/04 14:50:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomm.dll
[2009/07/04 14:50:55 | 000,320,752 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoih.exe
[2009/07/04 14:50:54 | 000,365,808 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocfg.exe

========== Files - Modified Within 30 Days ==========

[2011/10/12 16:39:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 14:31:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 14:31:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 12:38:41 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/12 12:38:41 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/12 12:38:41 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/12 12:33:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/12 12:31:23 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 11:55:05 | 004,255,709 | R--- | M] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/09 23:08:04 | 000,000,732 | ---- | M] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/10/09 12:09:38 | 000,080,384 | ---- | M] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
[2011/10/08 17:36:37 | 000,648,214 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
[2011/10/08 17:16:47 | 001,539,630 | ---- | M] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
[2011/10/08 17:01:23 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\Eddie\Desktop\antizeroaccess.exe
[2011/10/07 10:05:48 | 098,668,152 | ---- | M] () -- C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
[2011/10/07 10:01:58 | 000,002,316 | ---- | M] () -- C:\Users\Eddie\Desktop\h29MRNfE.htm.part
[2011/10/06 17:36:04 | 000,681,545 | ---- | M] () -- C:\Users\Eddie\Desktop\OTL (2).zip
[2011/10/06 17:30:07 | 000,681,545 | ---- | M] () -- C:\Users\Eddie\Desktop\OTL.zip
[2011/10/05 12:54:50 | 408,035,674 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/05 12:33:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
[2011/10/04 11:42:52 | 000,633,966 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/10/04 11:13:26 | 000,000,486 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/10/02 19:15:35 | 000,082,929 | ---- | M] () -- C:\Users\Eddie\Desktop\Hannan Flight Resume.pdf
[2011/09/30 13:05:02 | 000,044,544 | ---- | M] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 13:51:41 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/27 22:42:21 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
[2011/09/13 22:03:14 | 000,094,256 | ---- | M] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg

========== Files Created - No Company Name ==========

[2011/10/10 12:34:13 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/09 12:09:36 | 000,080,384 | ---- | C] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
[2011/10/08 17:36:32 | 000,648,214 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
[2011/10/08 17:16:43 | 001,539,630 | ---- | C] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
[2011/10/07 10:04:27 | 098,668,152 | ---- | C] () -- C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
[2011/10/07 10:01:57 | 000,002,316 | ---- | C] () -- C:\Users\Eddie\Desktop\h29MRNfE.htm.part
[2011/10/06 17:36:03 | 000,681,545 | ---- | C] () -- C:\Users\Eddie\Desktop\OTL (2).zip
[2011/10/06 17:30:07 | 000,681,545 | ---- | C] () -- C:\Users\Eddie\Desktop\OTL.zip
[2011/10/04 11:42:49 | 000,633,966 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/09/30 13:11:02 | 000,000,732 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/09/28 17:57:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/28 17:57:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/28 17:57:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/28 17:57:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/28 17:57:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 22:42:21 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/09/13 22:03:12 | 000,094,256 | ---- | C] () -- C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg
[2011/06/29 13:45:10 | 000,220,539 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/06/29 13:45:10 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2010/09/27 23:57:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/17 13:58:40 | 000,157,465 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/02/04 17:54:46 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/01/25 22:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Eddie\AppData\Roaming\wklnhst.dat
[2010/01/25 22:05:26 | 000,000,486 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 19:28:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 19:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 19:27:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 12:52:28 | 000,000,680 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps.dat
[2009/07/04 14:50:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\dldoinst.dll
[2009/07/04 14:50:58 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\dldocomx.dll
[2009/07/04 14:50:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldojswr.dll
[2009/07/04 14:50:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldoinsr.dll
[2009/07/04 14:50:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldocur.dll
[2009/07/04 14:50:57 | 000,503,808 | ---- | C] () -- C:\Windows\SysWow64\dldoutil.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoinsb.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoins.dll
[2009/07/04 14:50:57 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldocub.dll
[2009/07/04 14:50:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldocu.dll
[2009/07/04 14:50:54 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldocfg.dll
[2009/07/04 14:37:12 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/06/29 22:30:26 | 000,044,544 | ---- | C] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/21 02:07:23 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/06/21 01:59:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/20 23:44:34 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/07 15:17:04 | 000,088,840 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/03/07 15:16:30 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/03/07 15:15:28 | 000,234,248 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/12/09 17:11:50 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\968 Series
[2009/10/26 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Amazon
[2010/02/06 19:00:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Digidesign
[2010/03/14 13:09:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Facebook
[2010/02/04 22:38:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 16:48:30 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Sling Media
[2010/02/04 18:36:17 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Structure
[2010/01/25 22:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Template
[2010/12/03 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Windows Live Writer
[2011/10/12 12:30:18 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems >
"Debug" =
"" = mnmsrvc
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  • 0

#36
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Eduardotrojan,

Now we must find clean, uninfected files on your system and replace the infected ones. For this step we will need a USB memory drive.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Uncheck the Whitelist boxes next to Registry, Services, Drivers, and Known DLLs
  • Place a check next to List Drivers MD5
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#37
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.4
Ran by SYSTEM at 2011-10-13 15:29:49
Running from D:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-25] (Synaptics, Inc.)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon64.exe [634888 2009-02-11] (Avid Technology, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-20] (IDT, Inc.)
HKLM\...\Run: [MemoryCardManager] "C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe" [410864 2007-10-05] ()
HKLM\...\Run: [dldomon.exe] "C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe" [455920 2007-10-05] ()
HKLM\...\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2010-08-02] (Avira GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95496 2009-03-07] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-18] (Apple Inc.)
HKLM-x32\...\Run: [DigidesignMMERefresh] "C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe" [77824 2009-06-18] (Avid Technology, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [442536 2008-11-11] (Creative Technology Ltd.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Eddie\...\Policies\system: [LogonHoursAction] 2
HKU\Eddie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\RA Media Server\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [28160 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [28160 2008-01-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [3079168 2009-04-10] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] Explorer.exe [3079168 2009-04-10] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
FAPassSync
SubSystems: [Windows] ==> ZeroAccess

==================== Services ====================

2 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [26624 2006-11-02] (Microsoft Corporation)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [89600 2009-03-20] (Andrea Electronics Corporation)
3 ALG; C:\Windows\System32\alg.exe [80896 2008-01-20] (Microsoft Corporation)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [136360 2011-04-29] (Avira GmbH)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [269480 2011-06-30] (Avira GmbH)
3 Appinfo; C:\Windows\System32\appinfo.dll [45056 2008-01-20] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [37664 2011-02-18] (Apple Inc.)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [446464 2009-04-10] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\Audiosrv.dll [446464 2009-04-10] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [458240 2009-04-10] (Microsoft Corporation)
2 BITS; C:\Windows\System32\qmgr.dll [1081856 2009-04-10] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [387944 2011-07-12] (Apple Inc.)
2 Browser; C:\Windows\System32\browser.dll [103424 2008-01-20] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [49664 2009-04-10] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66368 2009-03-29] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-03-29] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [8704 2006-11-02] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [166912 2009-04-10] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [719872 2009-04-10] (Microsoft Corporation)
3 DFSR; C:\Windows\System32\DFSR.exe [3433472 2009-04-10] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [268288 2009-04-10] (Microsoft Corporation)
2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [77824 2009-06-18] (Avid Technology, Inc.)
3 digiSPTIService; "C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe" [159744 2009-06-18] (Avid Technology, Inc.)
2 dldoCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe [34032 2007-10-05] ()
2 dldo_device; C:\Windows\system32\dldocoms.exe -service [1044720 2007-10-05] ( )
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [117760 2011-03-02] (Microsoft Corporation)
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [208896 2009-04-10] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [139264 2008-01-20] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [74752 2008-01-20] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [344064 2008-01-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [153600 2008-01-20] (Microsoft Corporation)
2 ehstart; C:\Windows\ehome\ehstart.dll [15360 2006-11-02] (Microsoft Corporation)
2 EMDMgmt; C:\Windows\System32\emdmgmt.dll [399360 2009-04-10] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27648 2008-01-20] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [361984 2009-04-10] (Microsoft Corporation)
2 FAService; "C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe" [2360584 2009-03-07] (Sensible Vision )
3 fdPHost; C:\Windows\System32\fdPHost.dll [15360 2008-01-20] (Microsoft Corporation)
2 FDResPub; C:\Windows\System32\fdrespub.dll [33280 2006-11-02] (Microsoft Corporation)
2 FontCache; C:\Windows\System32\FntCache.dll [1149440 2011-02-22] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-02-18] (Microsoft Corporation)
2 gpsvc; C:\Windows\System32\gpsvc.dll [719360 2009-04-10] (Microsoft Corporation)
3 hidserv; C:\Windows\System32\hidserv.dll [24064 2009-04-10] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [86528 2008-01-20] (Microsoft Corporation)
2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1043584 2010-01-29] (Hewlett-Packard Co.)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [857432 2009-02-18] (Microsoft Corporation)
2 IKEEXT; C:\Windows\System32\ikeext.dll [454656 2009-04-10] (Microsoft Corporation)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IPBusEnum; C:\Windows\System32\ipbusenum.dll [93696 2008-01-20] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [225280 2010-02-18] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [934760 2011-08-18] (Apple Inc.)
3 KeyIso; C:\Windows\System32\lsass.exe [11264 2009-06-15] (Microsoft Corporation)
2 KtmRm; C:\Windows\System32\msdtckrm.dll [395264 2008-01-20] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [179712 2010-09-06] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [203264 2009-06-10] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [296960 2008-01-20] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [24064 2008-01-20] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [67072 2008-01-20] (Microsoft Corporation)
2 MMCSS; C:\Windows\System32\mmcss.dll [37888 2008-01-20] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [603136 2009-04-10] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [106496 2008-01-20] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [154112 2008-01-20] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [125440 2009-04-10] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [409600 2009-04-10] (Microsoft Corporation)
2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard)
3 Netlogon; C:\Windows\System32\lsass.exe [11264 2009-06-15] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [348160 2008-01-20] (Microsoft Corporation)
2 netprofm; C:\Windows\System32\netprofm.dll [304128 2008-01-20] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [117592 2009-02-18] (Microsoft Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [206336 2008-01-20] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [24576 2008-01-20] (Microsoft Corporation)
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441712 2008-11-03] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [79360 2008-01-20] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [19968 2008-01-20] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1373184 2008-01-20] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [313344 2009-04-10] (Microsoft Corporation)
2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard)
3 PNRPAutoReg; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\p2psvc.dll [836608 2009-04-10] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [533504 2009-04-10] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [178176 2009-04-10] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [11264 2009-06-15] (Microsoft Corporation)
2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] ()
3 QWAVE; C:\Windows\system32\qwave.dll [284160 2008-01-20] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [98304 2008-01-20] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [309760 2009-04-10] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [88064 2008-01-20] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [206848 2009-04-10] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [8704 2006-11-02] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [719872 2009-04-10] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [11264 2009-06-15] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [147968 2009-04-10] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [855040 2010-11-06] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [49664 2009-04-10] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [128000 2008-01-20] (Microsoft Corporation)
2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [249136 2010-09-22] (Microsoft Corporation)
2 seclogon; C:\Windows\system32\seclogon.dll [28672 2008-01-20] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [61952 2008-01-20] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [74752 2008-01-20] (Microsoft Corporation)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [342016 2008-01-20] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [302080 2009-07-10] (Microsoft Corporation)
2 slsvc; C:\Windows\System32\SLsvc.exe [2582016 2009-04-10] (Microsoft Corporation)
3 SLUINotify; C:\Windows\System32\SLUINotify.dll [73216 2009-04-10] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2006-11-02] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [273920 2010-08-17] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [185856 2008-01-20] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [141312 2008-01-20] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe [268288 2009-03-20] (IDT, Inc.)
2 stisvc; C:\Windows\System32\wiaservc.dll [572416 2009-04-10] (Microsoft Corporation)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
3 swprv; C:\Windows\System32\swprv.dll [480768 2009-04-10] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [886784 2009-04-10] (Microsoft Corporation)
2 TabletInputService; C:\Windows\System32\TabSvc.dll [84992 2006-11-02] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [318976 2009-04-10] (Microsoft Corporation)
2 TBS; C:\Windows\System32\tbssvc.dll [65536 2008-01-20] (Microsoft Corporation)
2 TermService; C:\Windows\System32\termsrv.dll [547328 2009-04-10] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [302080 2009-07-10] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [37888 2008-01-20] (Microsoft Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [117248 2008-01-20] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [42496 2009-04-10] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2008-01-20] (Microsoft Corporation)
2 upnphost; C:\Windows\System32\upnphost.dll [344576 2008-01-20] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [32768 2009-04-10] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [454656 2009-04-10] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1433600 2009-04-10] (Microsoft Corporation)
2 W32Time; C:\Windows\System32\w32time.dll [372736 2009-04-10] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [581120 2009-04-10] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [39936 2006-11-02] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [81920 2008-01-20] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [81920 2008-01-20] (Microsoft Corporation)
2 WebClient; C:\Windows\System32\webclnt.dll [218624 2009-04-10] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [232960 2009-10-09] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [85504 2006-11-02] (Microsoft Corporation)
2 WerSvc; C:\Windows\System32\WerSvc.dll [120832 2008-01-20] (Microsoft Corporation)
2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [442368 2009-08-24] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [221696 2009-04-10] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [2050048 2009-10-09] (Microsoft Corporation)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [615936 2009-07-11] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2292096 2011-03-28] (Microsoft Corp.)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [209920 2009-04-10] (Microsoft Corporation)
3 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1216000 2008-01-20] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [173568 2008-01-20] (Microsoft Corporation)
2 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [107008 2009-09-30] (Microsoft Corporation)
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [1020768 2010-03-18] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [74752 2009-04-10] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [597504 2009-04-10] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [2424024 2009-08-06] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [66560 2008-01-20] (Microsoft Corporation)

========================== Drivers ===========================

0 ACPI; C:\Windows\System32\drivers\acpi.sys [325608 2009-04-10] (Microsoft Corporation)
4 adp94xx; C:\Windows\System32\drivers\adp94xx.sys [486456 2008-01-20] (Adaptec, Inc.)
4 adpahci; C:\Windows\System32\drivers\adpahci.sys [342584 2008-01-20] (Adaptec, Inc.)
4 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [126520 2008-01-20] (Adaptec, Inc.)
4 adpu320; C:\Windows\System32\drivers\adpu320.sys [185912 2008-01-20] (Adaptec, Inc.)
1 AFD; C:\Windows\System32\drivers\afd.sys [405504 2011-04-21] (Microsoft Corporation)
3 agp440; C:\Windows\System32\drivers\agp440.sys [64568 2008-01-20] (Microsoft Corporation)
4 aic78xx; C:\Windows\System32\drivers\djsvs.sys [88168 2006-11-02] (Adaptec, Inc.)
4 aliide; C:\Windows\System32\drivers\aliide.sys [18488 2009-06-20] (Acer Laboratories Inc.)
4 amdide; C:\Windows\System32\drivers\amdide.sys [15976 2008-01-20] (Microsoft Corporation)
4 AmdK8; C:\Windows\System32\drivers\amdk8.sys [50688 2008-01-20] (Microsoft Corporation)
4 arc; C:\Windows\System32\drivers\arc.sys [90680 2008-01-20] (Adaptec, Inc.)
4 arcsas; C:\Windows\System32\drivers\arcsas.sys [91192 2008-01-20] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [22016 2008-01-20] (Microsoft Corporation)
0 atapi; C:\Windows\System32\drivers\atapi.sys [20952 2009-04-10] (Microsoft Corporation)
2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-06-30] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-06-30] (Avira GmbH)
4 blbdrive; C:\Windows\System32\drivers\blbdrive.sys [55296 2008-01-20] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-18] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\drivers\brfiltlo.sys [18432 2006-09-18] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\drivers\brfiltup.sys [8704 2006-09-18] (Brother Industries, Ltd.)
4 Brserid; C:\Windows\System32\drivers\brserid.sys [86528 2006-11-02] (Brother Industries Ltd.)
4 BrSerWdm; C:\Windows\System32\drivers\brserwdm.sys [47104 2006-09-18] (Brother Industries Ltd.)
4 BrUsbMdm; C:\Windows\System32\drivers\brusbmdm.sys [14976 2006-09-18] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\drivers\brusbser.sys [14720 2006-09-19] (Brother Industries Ltd.)
4 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [50688 2006-11-02] (Microsoft Corporation)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [90624 2008-01-20] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [79872 2009-04-10] (Microsoft Corporation)
4 circlass; C:\Windows\System32\drivers\circlass.sys [41984 2008-01-20] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [361448 2009-04-10] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17792 2008-01-20] (Microsoft Corporation)
4 cmdide; C:\Windows\System32\drivers\cmdide.sys [18024 2008-01-20] (CMD Technology, Inc.)
0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [23608 2008-01-20] (Microsoft Corporation)
0 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [27704 2008-01-20] (Microsoft Corporation)
3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [160704 2008-10-28] (Creative Technology Ltd.)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [97792 2011-04-14] (Microsoft Corporation)
0 disk; C:\Windows\System32\drivers\disk.sys [67032 2009-04-10] (Microsoft Corporation)
3 Dot4; C:\Windows\System32\DRIVERS\Dot4.sys [145408 2008-01-20] (Microsoft Corporation)
3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2008-01-20] (Microsoft Corporation)
3 dot4usb; C:\Windows\System32\DRIVERS\dot4usb.sys [42496 2008-01-20] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [6144 2008-01-20] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [900480 2011-01-20] (Microsoft Corporation)
3 e1express; C:\Windows\System32\DRIVERS\e1e6032e.sys [317952 2008-01-20] (Intel Corporation)
3 E1G60; C:\Windows\System32\DRIVERS\E1G6032E.sys [146176 2008-01-20] (Intel Corporation)
0 Ecache; C:\Windows\System32\drivers\ecache.sys [155112 2009-04-10] (Microsoft Corporation)
4 elxstor; C:\Windows\System32\drivers\elxstor.sys [397368 2008-01-20] (Emulex)
4 ErrDev; C:\Windows\System32\drivers\errdev.sys [9216 2009-06-20] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [187904 2009-04-10] (Microsoft Corporation)
3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [238848 2008-09-24] (Sensible Vision )
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [198144 2009-04-10] (Microsoft Corporation)
4 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2008-01-20] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70200 2008-01-20] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [33280 2008-01-20] (Microsoft Corporation)
4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2008-01-20] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [275432 2009-04-10] (Microsoft Corporation)
1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [16384 2008-01-20] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [68152 2008-01-20] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] (GEAR Software Inc.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [948736 2009-04-10] (Microsoft Corporation)
4 HidBth; C:\Windows\System32\drivers\hidbth.sys [34304 2006-11-02] (Microsoft Corporation)
4 HidIr; C:\Windows\System32\drivers\hidir.sys [25600 2006-11-02] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [15872 2009-04-10] (Microsoft Corporation)
4 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [47672 2008-01-20] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [620032 2010-02-20] (Microsoft Corporation)
4 i2omp; C:\Windows\System32\drivers\i2omp.sys [35896 2008-01-20] (Microsoft Corporation)
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [64000 2008-01-20] (Microsoft Corporation)
4 iaStorV; C:\Windows\System32\drivers\iastorv.sys [290872 2008-01-20] (Intel Corporation)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10611552 2010-08-25] (Intel Corporation)
4 iirsp; C:\Windows\System32\drivers\iirsp.sys [44648 2006-11-02] (Intel Corp./ICP vortex GmbH)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [126464 2008-11-25] (Intel® Corporation)
4 intelide; C:\Windows\System32\drivers\intelide.sys [19512 2008-01-20] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [48128 2008-01-20] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [67584 2009-04-10] (Microsoft Corporation)
4 IPMIDRV; C:\Windows\System32\drivers\ipmidrv.sys [76288 2008-01-20] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [115712 2008-01-20] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17408 2008-01-20] (Microsoft Corporation)
4 isapnp; C:\Windows\System32\drivers\isapnp.sys [23608 2008-01-20] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [215528 2009-04-10] (Microsoft Corporation)
4 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
4 iteraid; C:\Windows\System32\drivers\iteraid.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [252928 2008-10-08] (Broadcom Corporation)
1 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42040 2008-01-20] (Microsoft Corporation)
1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [22528 2009-04-10] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [515656 2009-06-15] (Microsoft Corporation)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20864 2008-01-20] (Microsoft Corporation)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [59392 2008-01-20] (Microsoft Corporation)
4 LSI_FC; C:\Windows\System32\drivers\lsi_fc.sys [113720 2008-01-20] (LSI Logic)
4 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [105016 2008-01-20] (LSI Logic)
4 LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys [113720 2008-01-20] (LSI Logic)
2 luafv; C:\Windows\System32\drivers\luafv.sys [109568 2008-01-20] (Microsoft Corporation)
3 MAUSBFT; C:\Windows\System32\DRIVERS\mausbft.sys [185864 2009-02-11] (Avid Technology, Inc.)
4 megasas; C:\Windows\System32\drivers\megasas.sys [35896 2008-01-20] (LSI Corporation)
4 MegaSR; C:\Windows\System32\drivers\megasr.sys [438328 2008-01-20] (LSI Corporation, Inc.)
3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2008-01-20] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [49152 2008-01-20] (Microsoft Corporation)
1 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [39992 2008-01-20] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [19968 2008-01-20] (Microsoft Corporation)
0 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [70200 2008-01-20] (Microsoft Corporation)
4 mpio; C:\Windows\System32\drivers\mpio.sys [128056 2008-01-20] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [81408 2008-01-20] (Microsoft Corporation)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [39016 2006-11-02] (LSI Logic Corporation)
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [139264 2009-04-10] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [135680 2011-04-29] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [275456 2011-07-06] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [107008 2011-04-29] (Microsoft Corporation)
0 msahci; C:\Windows\System32\drivers\msahci.sys [29656 2009-04-10] (Microsoft Corporation)
4 msdsm; C:\Windows\System32\drivers\msdsm.sys [113720 2008-01-20] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2008-01-20] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17976 2008-01-20] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11008 2008-01-20] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7040 2006-11-02] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6656 2006-11-02] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [310760 2009-04-10] (Microsoft Corporation)
3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [34872 2008-01-20] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [7936 2008-01-20] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [59880 2009-04-10] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [187392 2009-04-10] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [738264 2009-04-10] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2008-01-20] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [22016 2008-01-20] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [169472 2009-04-10] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [59904 2008-01-20] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2008-01-20] (Microsoft Corporation)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [248320 2009-04-10] (Microsoft Corporation)
3 NETw5v64; C:\Windows\System32\DRIVERS\NETw5v64.sys [4735488 2008-12-22] (Intel Corporation)
4 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [51816 2006-11-02] (IBM Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44544 2009-04-10] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24064 2008-01-20] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1515496 2009-04-10] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2006-11-02] (Microsoft Corporation)
4 nvraid; C:\Windows\System32\drivers\nvraid.sys [128056 2008-01-20] (NVIDIA Corporation)
4 nvstor; C:\Windows\System32\drivers\nvstor.sys [54328 2008-01-20] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [126520 2008-01-20] (Microsoft Corporation)
3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [158592 2009-02-10] (Creative Technology Ltd.)
3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [310784 2009-02-10] (Creative Technology Ltd.)
3 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [72448 2009-04-10] (Microsoft Corporation)
3 Parport; C:\Windows\System32\drivers\parport.sys [96768 2006-11-02] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [73176 2009-04-10] (Microsoft Corporation)
0 pci; C:\Windows\System32\drivers\pci.sys [178664 2009-04-10] (Microsoft Corporation)
4 pciide; C:\Windows\System32\drivers\pciide.sys [13416 2008-01-20] (Microsoft Corporation)
4 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [203368 2006-11-02] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [712704 2006-10-23] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [98816 2009-04-10] (Microsoft Corporation)
4 Processor; C:\Windows\System32\drivers\processr.sys [47104 2008-01-20] (Microsoft Corporation)
1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [94208 2009-04-10] (Microsoft Corporation)
0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [53488 2007-11-14] (Sonic Solutions)
4 ql2300; C:\Windows\System32\drivers\ql2300.sys [1221176 2008-01-20] (QLogic Corporation)
4 ql40xx; C:\Windows\System32\drivers\ql40xx.sys [124008 2006-11-02] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [46592 2008-01-20] (Microsoft Corporation)
3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [2488320 2006-11-01] (ATI Technologies Inc.)
1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2008-01-20] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [124928 2009-04-10] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [50176 2009-04-10] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [78336 2009-04-10] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [287744 2009-04-10] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7168 2008-01-20] (Microsoft Corporation)
4 rdpdr; C:\Windows\System32\drivers\rdpdr.sys [314368 2008-01-20] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7168 2008-01-20] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [209920 2009-04-10] (Microsoft Corporation)
2 rimmptsk; C:\Windows\System32\DRIVERS\rimmpx64.sys [62976 2008-09-16] (REDC)
2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2008-09-16] (REDC)
2 rismxdp; C:\Windows\System32\DRIVERS\rixdpx64.sys [57856 2008-09-16] (REDC)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [75776 2008-01-20] (Microsoft Corporation)
4 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [90216 2006-11-02] (Microsoft Corporation)
3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [111104 2009-04-10] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2006-09-29] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2006-11-02] (Microsoft Corporation)
3 Serial; C:\Windows\System32\drivers\serial.sys [94208 2006-11-02] (Microsoft Corporation)
4 sermouse; C:\Windows\System32\drivers\sermouse.sys [26624 2008-01-20] (Microsoft Corporation)
3 sffdisk; C:\Windows\System32\DRIVERS\sffdisk.sys [14848 2009-04-10] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\drivers\sffp_mmc.sys [14336 2008-01-20] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\DRIVERS\sffp_sd.sys [13824 2009-04-10] (Microsoft Corporation)
4 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [16384 2006-11-02] (Microsoft Corporation)
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [45624 2008-01-20] (Microsoft Corporation)
4 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [78392 2008-01-20] (Silicon Integrated Systems)
1 Smb; C:\Windows\System32\DRIVERS\smb.sys [88064 2009-04-10] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [19432 2009-04-10] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [450560 2011-02-18] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [176128 2011-04-29] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [145920 2011-04-29] (Microsoft Corporation)
3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [477696 2009-03-20] (IDT, Inc.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2008-01-20] (Microsoft Corporation)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [13032 2008-01-20] (Microsoft Corporation)
4 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [49256 2006-11-02] (LSI Logic)
4 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [44648 2006-11-02] (LSI Logic)
4 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [48232 2006-11-02] (LSI Logic)
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [261680 2008-11-25] (Synaptics, Inc.)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1427344 2011-06-17] (Microsoft Corporation)
3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [1427344 2011-06-17] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [40448 2009-12-08] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [16384 2008-01-20] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29696 2008-01-20] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [94720 2009-04-10] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62440 2009-04-10] (Microsoft Corporation)
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [103272 2009-05-21] (PACE Anti-Piracy, Inc.)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [29184 2008-01-20] (Microsoft Corporation)
3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [18432 2008-01-20] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [29696 2010-02-18] (Microsoft Corporation)
3 uagp35; C:\Windows\System32\drivers\uagp35.sys [67128 2008-01-20] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [299008 2009-04-10] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [68152 2008-01-20] (Microsoft Corporation)
4 uliahci; C:\Windows\System32\drivers\uliahci.sys [284728 2008-01-20] (ULi Electronics Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [148072 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [174696 2008-01-20] (Promise Technology, Inc.)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [41984 2008-01-20] (Microsoft Corporation)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.)
3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [98816 2009-06-20] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [95744 2008-01-20] (Microsoft Corporation)
4 usbcir; C:\Windows\System32\drivers\usbcir.sys [79360 2006-11-02] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [49664 2009-04-10] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [273920 2009-04-10] (Microsoft Corporation)
4 usbohci; C:\Windows\System32\drivers\usbohci.sys [24064 2006-11-02] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [24064 2008-01-20] (Microsoft Corporation)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2008-01-20] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [77824 2009-04-10] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [29184 2008-01-20] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2008-01-20] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [28672 2008-01-20] (Microsoft Corporation)
4 viaide; C:\Windows\System32\drivers\viaide.sys [18024 2008-01-20] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\drivers\volmgr.sys [67048 2009-04-10] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [408024 2009-04-10] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\drivers\volsnap.sys [269288 2009-04-10] (Microsoft Corporation)
4 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [149048 2008-01-20] (VIA Technologies Inc.,Ltd)
4 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26624 2006-11-02] (Microsoft Corporation)
3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [86528 2009-04-10] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [86528 2009-04-10] (Microsoft Corporation)
4 Wd; C:\Windows\System32\drivers\wd.sys [24120 2008-01-20] (Microsoft Corporation)
3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [881720 2008-01-20] (Microsoft Corporation)
3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2008-01-20] (Microsoft Corporation)
3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [46592 2009-09-30] (Microsoft Corporation)
1 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [20992 2008-01-20] (Microsoft Corporation)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [22528 2008-01-20] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [108544 2008-01-20] (Microsoft Corporation)
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== Drivers MD5 =======================


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-12 18:56 - 2011-09-30 15:25 - 1488384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-10-12 18:56 - 2011-09-30 15:25 - 1147904 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-10-12 18:56 - 2011-09-30 15:25 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-10-12 18:56 - 2011-09-30 15:23 - 0243712 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-10-12 18:56 - 2011-09-30 15:22 - 1062912 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-10-12 18:56 - 2011-09-30 15:21 - 9284096 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-10-12 18:56 - 2011-09-30 15:21 - 1538560 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-10-12 18:56 - 2011-09-30 15:21 - 0710656 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-10-12 18:56 - 2011-09-30 15:21 - 0096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-10-12 18:56 - 2011-09-30 15:21 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-10-12 18:56 - 2011-09-30 15:21 - 0056832 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-10-12 18:56 - 2011-09-30 15:21 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-10-12 18:56 - 2011-09-30 15:20 - 2350592 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-10-12 18:56 - 2011-09-30 15:20 - 12476928 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-10-12 18:56 - 2011-09-30 15:20 - 0459776 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-10-12 18:56 - 2011-09-30 15:20 - 0252416 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-10-12 18:56 - 2011-09-30 15:20 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-10-12 18:56 - 2011-09-30 15:20 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-10-12 18:56 - 2011-09-30 15:20 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-10-12 18:56 - 2011-09-30 15:20 - 0072192 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-10-12 18:56 - 2011-09-30 15:06 - 1212416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-10-12 18:56 - 2011-09-30 15:06 - 0916480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-10-12 18:56 - 2011-09-30 15:06 - 0105984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-10-12 18:56 - 2011-09-30 15:04 - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-10-12 18:56 - 2011-09-30 15:03 - 0611840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-10-12 18:56 - 2011-09-30 15:02 - 5971456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-10-12 18:56 - 2011-09-30 15:02 - 0602112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-10-12 18:56 - 2011-09-30 15:02 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-10-12 18:56 - 2011-09-30 15:02 - 0055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-10-12 18:56 - 2011-09-30 15:02 - 0043520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 2000384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 1469440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-10-12 18:56 - 2011-09-30 15:01 - 11081728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 0387584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 0184320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 0071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 0055808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-10-12 18:56 - 2011-09-30 15:01 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-10-12 18:56 - 2011-09-30 14:29 - 0479232 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-10-12 18:56 - 2011-09-30 14:07 - 0385024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-10-12 18:56 - 2011-09-30 13:48 - 0162816 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-10-12 18:56 - 2011-09-30 13:47 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-10-12 18:56 - 2011-09-30 13:47 - 0070656 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-10-12 18:56 - 2011-09-30 13:47 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-10-12 18:56 - 2011-09-30 13:29 - 0174080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-10-12 18:56 - 2011-09-30 13:29 - 0133632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-10-12 18:56 - 2011-09-30 13:29 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-10-12 18:56 - 2011-09-30 13:28 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-10-12 18:52 - 2011-09-06 05:56 - 2764288 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-10-12 18:46 - 2011-08-25 08:20 - 0735744 ____A (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2011-10-12 18:46 - 2011-08-25 08:19 - 0847360 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-10-12 18:46 - 2011-08-25 08:19 - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-10-12 18:46 - 2011-08-25 08:15 - 0555520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2011-10-12 18:46 - 2011-08-25 08:14 - 0563712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-10-12 18:46 - 2011-08-25 08:14 - 0238080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-10-12 18:46 - 2011-08-25 05:54 - 0004096 ____A (Microsoft Corporation) C:\Windows\System32\oleaccrc.dll
2011-10-12 18:46 - 2011-08-25 05:31 - 0004096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll
2011-10-12 18:45 - 2011-07-29 08:08 - 0375808 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-10-12 18:45 - 2011-07-29 08:08 - 0289792 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-10-12 18:45 - 2011-07-29 08:06 - 0100352 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-10-12 18:45 - 2011-07-29 08:06 - 0073216 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-10-12 18:45 - 2011-07-29 08:01 - 0293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-10-12 18:45 - 2011-07-29 08:01 - 0217088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-10-12 18:45 - 2011-07-29 08:00 - 0069632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-10-12 18:45 - 2011-07-29 08:00 - 0057856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-10-12 08:40 - 2011-10-12 08:40 - 0012300 ____A C:\ComboFix.txt
2011-10-12 08:33 - 2011-10-12 08:33 - 0000000 __SHD C:\$RECYCLE.BIN
2011-10-12 08:31 - 2011-10-12 08:31 - 0000000 ____D C:\Windows\system64
2011-10-12 08:28 - 2011-10-12 08:28 - 0000080 ____A C:\Users\Eddie\Desktop\catchme.log
2011-10-12 07:54 - 2011-10-12 07:55 - 4255709 ____R (Swearware) C:\Users\Eddie\Desktop\ComboFix.exe
2011-10-10 18:16 - 2011-10-10 18:16 - 2429889 ____A C:\Users\Eddie\Downloads\AE Pilot Interview - Oct 25 - Edward Hannan.zip
2011-10-10 08:34 - 2011-10-13 11:23 - 4251828224 __ASH C:\hiberfil.sys
2011-10-09 08:10 - 2011-10-09 08:11 - 0012442 ____A C:\Users\Eddie\Desktop\MBRCheck_10.09.11_12.10.49.txt
2011-10-09 08:10 - 2011-10-09 08:10 - 0012442 ____A C:\Users\Eddie\Desktop\MBRCheck_10.09.11_12.10.09.txt
2011-10-09 08:09 - 2011-10-09 08:09 - 0080384 ____A C:\Users\Eddie\Desktop\MBRCheck.exe
2011-10-08 13:36 - 2011-10-08 13:36 - 0648214 ____A C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
2011-10-08 13:17 - 2011-10-08 13:17 - 0071116 ____A C:\TDSSKiller.2.6.6.0_08.10.2011_17.17.17_log.txt
2011-10-08 13:17 - 2011-10-08 13:17 - 0000000 ____D C:\Users\Eddie\Desktop\tdsskiller
2011-10-08 13:16 - 2011-10-08 13:16 - 1539630 ____A C:\Users\Eddie\Desktop\tdsskiller.zip
2011-10-08 13:13 - 2011-10-08 13:13 - 0102064 ____A (ESET) C:\Users\Eddie\Downloads\ESETSirefefRemover.exe
2011-10-08 13:02 - 2011-10-08 13:13 - 0000745 ____A C:\Users\Eddie\Desktop\AntiZeroAccess_Log.txt
2011-10-08 13:01 - 2011-10-08 13:01 - 0187464 ____A (Webroot) C:\Users\Eddie\Desktop\antizeroaccess.exe
2011-10-07 06:06 - 2011-10-07 06:06 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2011-10-07 06:06 - 2011-10-07 06:06 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2011-10-07 06:04 - 2011-10-07 06:05 - 98668152 ____A C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
2011-10-07 06:01 - 2011-10-07 06:01 - 0002316 ____A C:\Users\Eddie\Desktop\h29MRNfE.htm.part
2011-10-06 13:36 - 2011-10-06 13:36 - 0681545 ____A C:\Users\Eddie\Desktop\OTL (2).zip
2011-10-06 13:30 - 2011-10-06 13:30 - 0681545 ____A C:\Users\Eddie\Desktop\OTL.zip
2011-10-05 09:28 - 2011-10-12 12:45 - 0083294 ____A C:\Users\Eddie\Desktop\OTL.Txt
2011-10-05 08:55 - 2011-10-05 08:55 - 0266680 ____A C:\Windows\Minidump\Mini100511-02.dmp
2011-10-05 08:51 - 2011-10-09 14:47 - 0285680 ____A C:\Windows\ntbtlog.txt
2011-10-05 08:51 - 2011-10-05 08:52 - 0266680 ____A C:\Windows\Minidump\Mini100511-01.dmp
2011-10-05 08:44 - 2011-10-05 08:47 - 0071138 ____A C:\TDSSKiller.2.6.4.0_05.10.2011_12.44.50_log.txt
2011-10-05 08:32 - 2011-10-05 08:33 - 1916416 ____A (AVAST Software) C:\Users\Eddie\Desktop\aswMBR.exe
2011-10-04 07:42 - 2011-10-04 07:42 - 0633966 ____A C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
2011-10-03 17:19 - 2011-10-04 06:27 - 0011728 ____A C:\Users\Eddie\Desktop\Combofix log.txt
2011-10-01 18:10 - 2011-10-01 18:11 - 14045800 ____A (Mozilla) C:\Users\Eddie\Downloads\Firefox Setup 7.0.1.exe
2011-10-01 17:45 - 2011-10-01 17:47 - 0071116 ____A C:\TDSSKiller.2.6.2.0_01.10.2011_21.45.15_log.txt
2011-10-01 17:44 - 2011-10-01 17:44 - 1529134 ____A C:\Users\Eddie\Downloads\tdsskiller.zip
2011-10-01 17:44 - 2011-10-01 17:44 - 0000000 ____D C:\Users\Eddie\Desktop\GooredFix Backups
2011-10-01 17:43 - 2011-10-01 17:43 - 0071398 ____A (jpshortstuff) C:\Users\Eddie\Downloads\GooredFix.exe
2011-10-01 17:30 - 2011-10-01 17:30 - 0522752 ____A (OldTimer Tools) C:\Users\Eddie\Downloads\OTM.exe
2011-10-01 17:30 - 2011-10-01 17:30 - 0000000 ____D C:\_OTM
2011-09-30 09:11 - 2011-10-09 19:08 - 0000732 ____A C:\Users\Eddie\AppData\Local\d3d9caps64.dat
2011-09-30 09:02 - 2011-10-09 08:14 - 0000000 ____D C:\Windows\pss
2011-09-29 13:06 - 2011-09-29 13:06 - 0063702 ____A C:\Users\Eddie\Desktop\Extras.Txt
2011-09-29 13:05 - 2011-09-29 13:05 - 0000000 ____D C:\_OTL
2011-09-28 14:47 - 2011-09-29 11:25 - 0063702 ____A C:\Users\Eddie\Downloads\Extras.Txt
2011-09-28 14:46 - 2011-10-04 11:45 - 0093392 ____A C:\Users\Eddie\Downloads\OTL.Txt
2011-09-28 14:46 - 2011-09-28 14:46 - 0367616 ____A (Avira GmbH) C:\Users\Eddie\Downloads\removaltool-win32-en.exe
2011-09-28 14:38 - 2011-09-28 14:38 - 0582656 ____A (OldTimer Tools) C:\Users\Eddie\Desktop\OTL.exe
2011-09-28 13:57 - 2011-10-12 08:40 - 0000000 ____D C:\Qoobox
2011-09-28 13:57 - 2011-10-12 08:33 - 0000000 ____D C:\Windows\ERDNT
2011-09-28 13:57 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2011-09-28 13:57 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2011-09-28 13:57 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-09-28 13:57 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-09-28 13:57 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-09-28 13:57 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2011-09-28 13:57 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2011-09-28 13:57 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2011-09-28 11:32 - 2011-09-28 11:32 - 0000950 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-09-28 11:32 - 2011-09-28 11:32 - 0000000 ____D C:\Users\Eddie\AppData\Roaming\Malwarebytes
2011-09-28 11:32 - 2011-09-28 11:32 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-09-28 11:32 - 2011-09-28 11:32 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-09-28 11:32 - 2011-09-28 11:32 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-28 11:32 - 2011-08-31 13:00 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-09-28 10:43 - 2011-09-28 10:43 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Eddie\Downloads\mbam-setup-1.51.2.1300.exe
2011-09-28 09:51 - 2011-09-28 09:51 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2011-09-28 09:49 - 2011-09-28 14:33 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-09-28 09:49 - 2011-09-28 14:33 - 0000000 ____D C:\ProgramData\Lavasoft
2011-09-28 09:35 - 2011-09-28 09:35 - 0022972 ____A C:\Users\Eddie\AVSCAN-20110928-110852-C50F2323.LOG
2011-09-28 06:50 - 2011-09-28 06:51 - 10268672 ____A C:\Users\Eddie\Downloads\Ad-Aware95Install.msi
2011-09-27 18:42 - 2011-09-27 18:42 - 0000021 ____A C:\Windows\tpcsd
2011-09-27 18:38 - 2011-09-27 18:41 - 42153855 ____A (spydig.com, Inc. ) C:\Users\Eddie\Downloads\Spydig_Setup.exe
2011-09-13 18:03 - 2011-09-13 18:03 - 0094256 ____A C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg


============ 3 Months Modified Files and Folders =============

2011-10-13 15:29 - 2011-10-13 15:29 - 0000000 ____D C:\FRST
2011-10-13 11:25 - 2006-11-02 07:42 - 0032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-13 11:25 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-13 11:24 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-13 11:24 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-13 11:23 - 2011-10-10 08:34 - 4251828224 __ASH C:\hiberfil.sys
2011-10-13 11:15 - 2009-06-20 14:13 - 1199111 ____A C:\Windows\WindowsUpdate.log
2011-10-13 11:06 - 2006-11-02 04:46 - 0703388 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-13 11:02 - 2006-11-02 07:27 - 0205962 ____A C:\Windows\setupact.log
2011-10-13 04:57 - 2006-11-02 07:21 - 0399024 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-13 04:55 - 2009-06-20 19:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-12 19:17 - 2006-11-02 04:35 - 50086344 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-10-12 12:45 - 2011-10-05 09:28 - 0083294 ____A C:\Users\Eddie\Desktop\OTL.Txt
2011-10-12 08:40 - 2011-10-12 08:40 - 0012300 ____A C:\ComboFix.txt
2011-10-12 08:40 - 2011-09-28 13:57 - 0000000 ____D C:\Qoobox
2011-10-12 08:33 - 2011-10-12 08:33 - 0000000 __SHD C:\$RECYCLE.BIN
2011-10-12 08:33 - 2011-09-28 13:57 - 0000000 ____D C:\Windows\ERDNT
2011-10-12 08:33 - 2006-11-02 04:34 - 0000215 ____A C:\Windows\system.ini
2011-10-12 08:31 - 2011-10-12 08:31 - 0000000 ____D C:\Windows\system64
2011-10-12 08:31 - 2008-01-20 19:26 - 0492840 ____A C:\Windows\PFRO.log
2011-10-12 08:28 - 2011-10-12 08:28 - 0000080 ____A C:\Users\Eddie\Desktop\catchme.log
2011-10-12 07:55 - 2011-10-12 07:54 - 4255709 ____R (Swearware) C:\Users\Eddie\Desktop\ComboFix.exe
2011-10-10 18:16 - 2011-10-10 18:16 - 2429889 ____A C:\Users\Eddie\Downloads\AE Pilot Interview - Oct 25 - Edward Hannan.zip
2011-10-09 19:08 - 2011-09-30 09:11 - 0000732 ____A C:\Users\Eddie\AppData\Local\d3d9caps64.dat
2011-10-09 14:47 - 2011-10-05 08:51 - 0285680 ____A C:\Windows\ntbtlog.txt
2011-10-09 08:14 - 2011-09-30 09:02 - 0000000 ____D C:\Windows\pss
2011-10-09 08:11 - 2011-10-09 08:10 - 0012442 ____A C:\Users\Eddie\Desktop\MBRCheck_10.09.11_12.10.49.txt
2011-10-09 08:10 - 2011-10-09 08:10 - 0012442 ____A C:\Users\Eddie\Desktop\MBRCheck_10.09.11_12.10.09.txt
2011-10-09 08:09 - 2011-10-09 08:09 - 0080384 ____A C:\Users\Eddie\Desktop\MBRCheck.exe
2011-10-08 13:36 - 2011-10-08 13:36 - 0648214 ____A C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
2011-10-08 13:17 - 2011-10-08 13:17 - 0071116 ____A C:\TDSSKiller.2.6.6.0_08.10.2011_17.17.17_log.txt
2011-10-08 13:17 - 2011-10-08 13:17 - 0000000 ____D C:\Users\Eddie\Desktop\tdsskiller
2011-10-08 13:16 - 2011-10-08 13:16 - 1539630 ____A C:\Users\Eddie\Desktop\tdsskiller.zip
2011-10-08 13:13 - 2011-10-08 13:13 - 0102064 ____A (ESET) C:\Users\Eddie\Downloads\ESETSirefefRemover.exe
2011-10-08 13:13 - 2011-10-08 13:02 - 0000745 ____A C:\Users\Eddie\Desktop\AntiZeroAccess_Log.txt
2011-10-08 13:01 - 2011-10-08 13:01 - 0187464 ____A (Webroot) C:\Users\Eddie\Desktop\antizeroaccess.exe
2011-10-07 06:06 - 2011-10-07 06:06 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2011-10-07 06:06 - 2011-10-07 06:06 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2011-10-07 06:05 - 2011-10-07 06:04 - 98668152 ____A C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
2011-10-07 06:01 - 2011-10-07 06:01 - 0002316 ____A C:\Users\Eddie\Desktop\h29MRNfE.htm.part
2011-10-06 13:36 - 2011-10-06 13:36 - 0681545 ____A C:\Users\Eddie\Desktop\OTL (2).zip
2011-10-06 13:30 - 2011-10-06 13:30 - 0681545 ____A C:\Users\Eddie\Desktop\OTL.zip
2011-10-05 08:55 - 2011-10-05 08:55 - 0266680 ____A C:\Windows\Minidump\Mini100511-02.dmp
2011-10-05 08:55 - 2009-08-09 07:59 - 0000000 ____D C:\Windows\Minidump
2011-10-05 08:54 - 2009-08-09 07:58 - 408035674 ____A C:\Windows\MEMORY.DMP
2011-10-05 08:52 - 2011-10-05 08:51 - 0266680 ____A C:\Windows\Minidump\Mini100511-01.dmp
2011-10-05 08:47 - 2011-10-05 08:44 - 0071138 ____A C:\TDSSKiller.2.6.4.0_05.10.2011_12.44.50_log.txt
2011-10-05 08:33 - 2011-10-05 08:32 - 1916416 ____A (AVAST Software) C:\Users\Eddie\Desktop\aswMBR.exe
2011-10-04 11:45 - 2011-09-28 14:46 - 0093392 ____A C:\Users\Eddie\Downloads\OTL.Txt
2011-10-04 07:42 - 2011-10-04 07:42 - 0633966 ____A C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
2011-10-04 07:13 - 2010-01-25 18:05 - 0000486 ____A C:\Windows\ODBC.INI
2011-10-04 06:27 - 2011-10-03 17:19 - 0011728 ____A C:\Users\Eddie\Desktop\Combofix log.txt
2011-10-03 14:52 - 2010-11-17 20:36 - 0000000 ____D C:\Users\Eddie\AppData\Local\Windows Live
2011-10-02 17:45 - 2009-09-01 10:56 - 0044544 ____A C:\Users\Eddie\Desktop\Hannan Flight Resume.doc
2011-10-02 15:15 - 2011-08-17 10:32 - 0082929 ____A C:\Users\Eddie\Desktop\Hannan Flight Resume.pdf
2011-10-01 18:27 - 2009-06-27 15:11 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-10-01 18:27 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2011-10-01 18:27 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2011-10-01 18:11 - 2011-10-01 18:10 - 14045800 ____A (Mozilla) C:\Users\Eddie\Downloads\Firefox Setup 7.0.1.exe
2011-10-01 17:47 - 2011-10-01 17:45 - 0071116 ____A C:\TDSSKiller.2.6.2.0_01.10.2011_21.45.15_log.txt
2011-10-01 17:44 - 2011-10-01 17:44 - 1529134 ____A C:\Users\Eddie\Downloads\tdsskiller.zip
2011-10-01 17:44 - 2011-10-01 17:44 - 0000000 ____D C:\Users\Eddie\Desktop\GooredFix Backups
2011-10-01 17:43 - 2011-10-01 17:43 - 0071398 ____A (jpshortstuff) C:\Users\Eddie\Downloads\GooredFix.exe
2011-10-01 17:30 - 2011-10-01 17:30 - 0522752 ____A (OldTimer Tools) C:\Users\Eddie\Downloads\OTM.exe
2011-10-01 17:30 - 2011-10-01 17:30 - 0000000 ____D C:\_OTM
2011-09-30 15:25 - 2011-10-12 18:56 - 1488384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-09-30 15:25 - 2011-10-12 18:56 - 1147904 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-09-30 15:25 - 2011-10-12 18:56 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-09-30 15:23 - 2011-10-12 18:56 - 0243712 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-09-30 15:22 - 2011-10-12 18:56 - 1062912 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-09-30 15:21 - 2011-10-12 18:56 - 9284096 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 15:21 - 2011-10-12 18:56 - 1538560 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-09-30 15:21 - 2011-10-12 18:56 - 0710656 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-09-30 15:21 - 2011-10-12 18:56 - 0096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-09-30 15:21 - 2011-10-12 18:56 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-09-30 15:21 - 2011-10-12 18:56 - 0056832 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-09-30 15:21 - 2011-10-12 18:56 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-09-30 15:20 - 2011-10-12 18:56 - 2350592 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-09-30 15:20 - 2011-10-12 18:56 - 12476928 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-09-30 15:20 - 2011-10-12 18:56 - 0459776 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-09-30 15:20 - 2011-10-12 18:56 - 0252416 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-09-30 15:20 - 2011-10-12 18:56 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-09-30 15:20 - 2011-10-12 18:56 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-09-30 15:20 - 2011-10-12 18:56 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-09-30 15:20 - 2011-10-12 18:56 - 0072192 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-09-30 15:06 - 2011-10-12 18:56 - 1212416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-09-30 15:06 - 2011-10-12 18:56 - 0916480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-09-30 15:06 - 2011-10-12 18:56 - 0105984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-09-30 15:04 - 2011-10-12 18:56 - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-09-30 15:03 - 2011-10-12 18:56 - 0611840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-09-30 15:02 - 2011-10-12 18:56 - 5971456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-09-30 15:02 - 2011-10-12 18:56 - 0602112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-09-30 15:02 - 2011-10-12 18:56 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-09-30 15:02 - 2011-10-12 18:56 - 0055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-09-30 15:02 - 2011-10-12 18:56 - 0043520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 2000384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 1469440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-09-30 15:01 - 2011-10-12 18:56 - 11081728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 0387584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 0184320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 0071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 0055808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-09-30 15:01 - 2011-10-12 18:56 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-09-30 14:29 - 2011-10-12 18:56 - 0479232 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-09-30 14:07 - 2011-10-12 18:56 - 0385024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-09-30 13:48 - 2011-10-12 18:56 - 0162816 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-09-30 13:47 - 2011-10-12 18:56 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 13:47 - 2011-10-12 18:56 - 0070656 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-09-30 13:47 - 2011-10-12 18:56 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-09-30 13:29 - 2011-10-12 18:56 - 0174080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-09-30 13:29 - 2011-10-12 18:56 - 0133632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-09-30 13:29 - 2011-10-12 18:56 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-09-30 13:28 - 2011-10-12 18:56 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-09-30 09:05 - 2009-06-29 18:30 - 0044544 ____A C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-29 13:06 - 2011-09-29 13:06 - 0063702 ____A C:\Users\Eddie\Desktop\Extras.Txt
2011-09-29 13:05 - 2011-09-29 13:05 - 0000000 ____D C:\_OTL
2011-09-29 11:25 - 2011-09-28 14:47 - 0063702 ____A C:\Users\Eddie\Downloads\Extras.Txt
2011-09-28 14:46 - 2011-09-28 14:46 - 0367616 ____A (Avira GmbH) C:\Users\Eddie\Downloads\removaltool-win32-en.exe
2011-09-28 14:38 - 2011-09-28 14:38 - 0582656 ____A (OldTimer Tools) C:\Users\Eddie\Desktop\OTL.exe
2011-09-28 14:33 - 2011-09-28 09:49 - 0000000 ____D C:\Users\All Users\Lavasoft
2011-09-28 14:33 - 2011-09-28 09:49 - 0000000 ____D C:\ProgramData\Lavasoft
2011-09-28 14:30 - 2009-06-26 14:14 - 0000000 ____D C:\Users\Eddie\Tracing
2011-09-28 14:25 - 2006-11-02 05:33 - 0000000 __RHD C:\users\Default
2011-09-28 14:25 - 2006-11-02 05:33 - 0000000 ___RD C:\users\Public
2011-09-28 11:32 - 2011-09-28 11:32 - 0000950 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-09-28 11:32 - 2011-09-28 11:32 - 0000000 ____D C:\Users\Eddie\AppData\Roaming\Malwarebytes
2011-09-28 11:32 - 2011-09-28 11:32 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-09-28 11:32 - 2011-09-28 11:32 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-09-28 11:32 - 2011-09-28 11:32 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-28 10:43 - 2011-09-28 10:43 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Eddie\Downloads\mbam-setup-1.51.2.1300.exe
2011-09-28 09:51 - 2011-09-28 09:51 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2011-09-28 09:35 - 2011-09-28 09:35 - 0022972 ____A C:\Users\Eddie\AVSCAN-20110928-110852-C50F2323.LOG
2011-09-28 09:35 - 2009-06-26 15:10 - 0000000 ____D C:\users\Eddie
2011-09-28 06:51 - 2011-09-28 06:50 - 10268672 ____A C:\Users\Eddie\Downloads\Ad-Aware95Install.msi
2011-09-27 18:42 - 2011-09-27 18:42 - 0000021 ____A C:\Windows\tpcsd
2011-09-27 18:41 - 2011-09-27 18:38 - 42153855 ____A (spydig.com, Inc. ) C:\Users\Eddie\Downloads\Spydig_Setup.exe
2011-09-22 07:47 - 2011-06-22 08:45 - 0000000 ____D C:\Users\Eddie\AppData\Roaming\Skype
2011-09-13 18:03 - 2011-09-13 18:03 - 0094256 ____A C:\Users\Eddie\Desktop\walking-dead-zombie-gnome.jpg
2011-09-13 13:39 - 2009-06-26 14:19 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-09-13 13:39 - 2009-06-26 14:19 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-09-11 12:21 - 2011-09-11 12:21 - 1491909 ____A C:\Users\Eddie\Downloads\XvidSetup.exe
2011-09-09 17:49 - 2010-05-07 15:54 - 0000000 ____D C:\Users\Eddie\Desktop\Job App Files
2011-09-06 06:14 - 2011-09-06 06:14 - 0000000 ____D C:\Windows\en
2011-09-06 06:11 - 2009-06-20 19:49 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-09-06 06:10 - 2011-09-06 06:10 - 0000000 ____D C:\Program Files\Windows Live
2011-09-06 06:09 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-09-06 06:08 - 2009-06-20 19:51 - 0222336 ____A C:\Windows\DirectX.log
2011-09-06 05:56 - 2011-10-12 18:52 - 2764288 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-04 19:02 - 2011-09-04 19:02 - 0026786 ____A C:\Users\Eddie\Desktop\PinkElephant.jpg
2011-09-02 04:05 - 2011-09-02 04:05 - 0000000 ____D C:\Users\Eddie\AppData\Local\{DB7B2CE5-D70B-4F01-A197-6C7033A54329}
2011-09-01 19:30 - 2011-09-01 19:30 - 0000000 ____D C:\Users\Eddie\AppData\Local\{8E5D5807-4707-4C51-946C-AACBA06BFB20}
2011-09-01 19:28 - 2011-09-01 19:28 - 0000000 ____D C:\Users\Eddie\AppData\Local\{9CB3BB1C-6EA2-4EF5-BD0B-8116C20E8887}
2011-09-01 19:28 - 2011-09-01 19:27 - 0000000 ____D C:\Users\Eddie\AppData\Local\{E653CAF0-496E-4E76-A396-756E886539A4}
2011-09-01 04:39 - 2011-09-01 04:39 - 0000000 ____D C:\Users\Eddie\AppData\Local\{B211A0E3-8095-476E-842C-48401B5D8351}
2011-09-01 04:39 - 2011-09-01 04:39 - 0000000 ____D C:\Users\Eddie\AppData\Local\{81E7A1BB-065E-471D-BDD2-6C994503FE81}
2011-09-01 04:35 - 2011-09-01 04:35 - 0000000 ____D C:\Users\Eddie\AppData\Local\{42CEA2D7-41B8-4565-8A25-6DBAB308A468}
2011-08-31 17:58 - 2011-08-31 17:58 - 0000000 ____D C:\Users\Eddie\AppData\Local\{C303B616-0EE8-48A2-9854-1D5207316F53}
2011-08-31 17:58 - 2011-08-31 17:58 - 0000000 ____D C:\Users\Eddie\AppData\Local\{4DB1BB39-9FCD-4D04-8842-98428346B3BD}
2011-08-31 14:19 - 2011-08-31 14:19 - 0000000 ____D C:\Users\Eddie\AppData\Local\{BD5A929A-FA49-4B61-9A50-D4AFAC3DBDA8}
2011-08-31 14:19 - 2011-08-31 14:19 - 0000000 ____D C:\Users\Eddie\AppData\Local\{97DDE629-3984-45EC-B158-BC817AA78E41}
2011-08-31 13:00 - 2011-09-28 11:32 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-08-31 12:35 - 2011-08-31 12:35 - 0000000 ____D C:\Users\Eddie\AppData\Local\{51B88B58-90C9-44C1-B958-8B785BC37A00}
2011-08-31 12:35 - 2011-08-31 12:35 - 0000000 ____D C:\Users\Eddie\AppData\Local\{11C458FE-E68F-499D-9B1A-56A9DA2797C8}
2011-08-31 09:44 - 2011-08-31 09:44 - 0000000 ____D C:\Users\Eddie\AppData\Local\{76970132-F5A1-476B-B7EF-2FA8A8731F65}
2011-08-31 09:44 - 2011-08-31 09:44 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0A3AB243-7AD1-4990-B5E3-5663E1E135C9}
2011-08-31 09:42 - 2011-08-31 09:42 - 0000000 ____D C:\Users\Eddie\AppData\Local\{F6B33098-AE0B-44D2-A138-B97E4319F664}
2011-08-31 09:42 - 2011-08-31 09:42 - 0000000 ____D C:\Users\Eddie\AppData\Local\{C617D84A-36CE-4BED-9D7F-F9B0D663325B}
2011-08-31 09:22 - 2011-08-31 09:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{41632A6C-F1D7-46B2-9BBF-932D32E06295}
2011-08-31 09:21 - 2011-08-31 09:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{DD90017E-C3A3-43FC-9723-AB92D2A67954}
2011-08-30 16:07 - 2011-08-30 16:07 - 0000000 ____D C:\Users\Eddie\AppData\Local\{7D6160E2-04E6-49A2-9DC6-17B6DC30AB16}
2011-08-30 16:07 - 2011-08-30 16:07 - 0000000 ____D C:\Users\Eddie\AppData\Local\{6472530F-FAB9-4997-A566-CF171065790D}
2011-08-30 13:49 - 2011-08-30 13:49 - 0000000 ____D C:\Users\Eddie\AppData\Local\{AD8B5835-77CC-4450-8599-9C9182B11E7A}
2011-08-30 13:49 - 2011-08-30 13:48 - 0000000 ____D C:\Users\Eddie\AppData\Local\{D54A1776-17E0-44D7-B82D-1928080D919D}
2011-08-30 08:14 - 2011-08-30 08:14 - 0000000 ____D C:\Users\Eddie\AppData\Local\{B1CEBF7D-362E-4963-B120-9B0096D772C9}
2011-08-30 08:14 - 2011-08-30 08:14 - 0000000 ____D C:\Users\Eddie\AppData\Local\{25244FF0-E59C-4463-9787-03E88FB6AF7F}
2011-08-30 08:12 - 2011-08-30 08:12 - 0000000 ____D C:\Users\Eddie\AppData\Local\{D0011CC4-9E5C-4A24-9C28-9FD08B1D0E8B}
2011-08-30 08:12 - 2011-08-30 08:11 - 0000000 ____D C:\Users\Eddie\AppData\Local\{C8EE4508-BBF7-41FB-9848-8BDF837150C8}
2011-08-29 18:47 - 2011-08-29 18:47 - 0000000 ____D C:\Users\Eddie\AppData\Local\{06468120-8B12-45D5-879D-FFDD41D37A4A}
2011-08-29 16:26 - 2011-08-29 16:26 - 0000000 ____D C:\Users\Eddie\AppData\Local\{CA7758ED-CE73-467A-B095-1B9C3D384E9E}
2011-08-29 15:26 - 2011-08-29 15:26 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0BDC84F5-8A18-47F7-8413-3823E7F2365C}
2011-08-29 15:26 - 2011-08-29 15:25 - 0000000 ____D C:\Users\Eddie\AppData\Local\{4AB6DB8F-5FD1-4203-B6DA-7475744E13A6}
2011-08-29 15:25 - 2011-08-29 15:23 - 0013399 ____A C:\Users\Eddie\Desktop\Robert M.xlsx
2011-08-29 12:14 - 2011-08-29 12:14 - 0001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-08-29 12:14 - 2011-08-29 12:14 - 0000000 ____D C:\Program Files\iTunes
2011-08-29 12:14 - 2011-08-29 12:14 - 0000000 ____D C:\Program Files\iPod
2011-08-29 12:14 - 2011-08-29 12:14 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-08-29 12:11 - 2011-08-29 12:10 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-08-29 12:10 - 2011-08-29 12:10 - 0001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-08-29 07:41 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-08-29 07:28 - 2011-08-29 07:28 - 0000000 ____D C:\Users\Eddie\AppData\Local\{3A243A4E-1D7B-4CA3-8B14-73A9D576E0AD}
2011-08-29 07:28 - 2011-08-29 07:28 - 0000000 ____D C:\Users\Eddie\AppData\Local\{067FD6BE-4303-4156-B32D-E26CFA45DD24}
2011-08-29 07:27 - 2011-08-29 07:27 - 0000000 ____D C:\Users\Eddie\AppData\Local\{5754F34A-F80C-4DF2-9EDD-0EEFAE6C6E10}
2011-08-29 07:27 - 2011-08-29 07:26 - 0000000 ____D C:\Users\Eddie\AppData\Local\{F262B1C3-A23B-46C2-8B20-C050F46222DB}
2011-08-28 17:53 - 2011-08-28 17:53 - 0000000 ____D C:\Users\Eddie\AppData\Local\{75BE63E7-C726-42EF-B19B-2CCF151C7567}
2011-08-28 16:52 - 2011-08-28 16:52 - 0000000 ____D C:\Users\Eddie\AppData\Local\{3E195591-F939-4249-805E-3F350F63F496}
2011-08-28 13:52 - 2011-08-28 13:52 - 0000000 ____D C:\Users\Eddie\AppData\Local\{DB3367FA-3DFC-43FA-91FE-5CD9206FDA6E}
2011-08-28 13:52 - 2011-08-28 13:51 - 0000000 ____D C:\Users\Eddie\AppData\Local\{8E7CB994-D49E-40F1-AA17-41B038D7E015}
2011-08-28 12:42 - 2011-08-28 12:41 - 0000000 ____D C:\Users\Eddie\AppData\Local\{518C9A4A-21C6-4203-AB82-492270D9D907}
2011-08-28 12:41 - 2011-08-28 12:41 - 0000000 ____D C:\Users\Eddie\AppData\Local\{5FBD484C-D852-4DA7-AEB6-2F1A9890D63D}
2011-08-27 20:30 - 2011-08-27 20:30 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-08-27 20:22 - 2011-08-27 20:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{EE707D16-7855-4442-A320-F32AB538CCE1}
2011-08-27 20:21 - 2011-08-27 20:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{DDC8E8DD-402C-48FA-BF43-6EF5B4E40575}
2011-08-25 08:20 - 2011-10-12 18:46 - 0735744 ____A (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2011-08-25 08:19 - 2011-10-12 18:46 - 0847360 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-25 08:19 - 2011-10-12 18:46 - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-08-25 08:15 - 2011-10-12 18:46 - 0555520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2011-08-25 08:14 - 2011-10-12 18:46 - 0563712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-08-25 08:14 - 2011-10-12 18:46 - 0238080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-08-25 05:54 - 2011-10-12 18:46 - 0004096 ____A (Microsoft Corporation) C:\Windows\System32\oleaccrc.dll
2011-08-25 05:31 - 2011-10-12 18:46 - 0004096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll
2011-08-19 21:38 - 2009-08-03 08:52 - 0000680 ____A C:\Users\Eddie\AppData\Local\d3d9caps.dat
2011-08-19 21:08 - 2011-08-19 21:08 - 0000000 ____D C:\Users\Eddie\AppData\Local\{FDE21AA3-F53E-4674-848A-D0E61D6E23CB}
2011-08-19 21:08 - 2011-08-19 21:08 - 0000000 ____D C:\Users\Eddie\AppData\Local\{E0AC136B-127F-4770-A626-8A6E6985F834}
2011-08-19 13:59 - 2011-08-19 13:59 - 0000000 ____D C:\Program Files\Bonjour
2011-08-19 13:59 - 2011-08-19 13:59 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-08-19 12:43 - 2011-08-19 12:43 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-08-19 02:06 - 2011-08-19 02:06 - 0000000 ____D C:\Users\Eddie\AppData\Local\{D48A3F26-B9F6-4389-966B-410F2EA8FAAD}
2011-08-18 10:35 - 2011-08-18 10:35 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2157F8F1-2996-4676-9D58-6B49706A22CC}
2011-08-18 10:28 - 2011-08-18 10:28 - 0000000 ____D C:\Users\Eddie\AppData\Local\{D8D275E2-4874-40A9-AF9C-CFC796C842AF}
2011-08-18 06:00 - 2011-08-18 06:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{9F4BFDBB-4979-4538-9AA0-5D5F88D59364}
2011-08-18 06:00 - 2011-08-18 06:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0D7B499B-EDAA-4482-9CE7-6818F3CAA79B}
2011-08-17 17:57 - 2011-08-17 17:57 - 0000000 ____D C:\Users\Eddie\AppData\Local\{3D99247F-CD48-4F57-A936-D7B444716C8E}
2011-08-17 17:57 - 2011-08-17 17:56 - 0000000 ____D C:\Users\Eddie\AppData\Local\{362D9E41-B7A8-430B-B849-2B588D4CE178}
2011-08-17 14:33 - 2011-08-17 14:33 - 0000000 ____D C:\Users\Eddie\AppData\Local\{7B0AE401-2B1B-424C-92E6-4E9918CE686B}
2011-08-17 09:45 - 2011-08-17 09:45 - 0000000 ____D C:\Users\Eddie\AppData\Local\{F09190C2-6BDA-44CC-8D62-478EBD4F07C9}
2011-08-17 09:45 - 2011-08-17 09:45 - 0000000 ____D C:\Users\Eddie\AppData\Local\{DD127E1A-3E90-419C-A142-7AAA51A8DDB4}
2011-08-16 19:01 - 2011-08-16 19:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{80BB7565-47D1-443B-9131-5C04BB970B8C}
2011-08-16 19:00 - 2011-08-16 19:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{D1DBA154-AED7-45B0-BDA6-FD0C95AE529F}
2011-08-16 17:44 - 2011-08-16 12:46 - 0000000 ____D C:\Users\Eddie\AppData\Local\Solid State Networks
2011-08-16 17:43 - 2011-08-16 17:43 - 0000000 ____D C:\Users\Eddie\AppData\Local\{A23F1B2E-B102-4C96-B456-527F71157699}
2011-08-16 17:43 - 2011-08-16 17:43 - 0000000 ____D C:\Users\Eddie\AppData\Local\{3366F835-E704-4A92-82F0-C6FE9634F1D9}
2011-08-16 17:43 - 2011-07-07 11:53 - 0008826 ____A C:\Users\Eddie\Desktop\Geronimo Flying Log.xlsx
2011-08-16 17:22 - 2011-08-16 17:22 - 0000000 ____D C:\Users\Eddie\AppData\Local\{09CE4B04-67BB-49CE-8D70-C4BEB62EAA84}
2011-08-16 17:22 - 2011-08-16 17:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{027A70BC-4FE3-4616-8E65-E1272CA105A6}
2011-08-16 16:37 - 2011-08-16 16:36 - 0000000 ____D C:\Users\Eddie\AppData\Local\{926F1BD1-83E5-4D21-87A2-082D154DD6A4}
2011-08-16 16:36 - 2011-08-16 16:36 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2DF18813-6B90-4BBE-9346-D0484ACC44D0}
2011-08-16 12:55 - 2011-08-16 12:55 - 0000000 ____D C:\Users\Eddie\AppData\Local\{9403CF8E-91C8-4152-9280-B57783434EA1}
2011-08-16 11:24 - 2011-08-16 11:24 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0FD25195-EA82-4F42-B961-22D7F8BB34AF}
2011-08-16 11:24 - 2011-08-16 11:23 - 0000000 ____D C:\Users\Eddie\AppData\Local\{ADCB5444-7EEB-419A-87C1-3CD44B059DFB}
2011-08-15 18:29 - 2011-08-15 18:29 - 0000000 ____D C:\Users\Eddie\AppData\Local\{FD353999-F465-4EF7-9FF9-418CC537148C}
2011-08-15 18:29 - 2011-08-15 18:29 - 0000000 ____D C:\Users\Eddie\AppData\Local\{9C38871E-5618-494B-B7E0-62E81FB93FDE}
2011-08-15 08:36 - 2011-06-22 08:32 - 0014434 ____A C:\Users\Eddie\Desktop\Geronimo Invoice.xlsx
2011-08-15 06:52 - 2011-08-15 06:52 - 0000000 ____D C:\Users\Eddie\AppData\Local\{B9B62105-C2DD-43C2-B263-C70ACB8F577E}
2011-08-15 06:52 - 2011-08-15 06:52 - 0000000 ____D C:\Users\Eddie\AppData\Local\{8A034C4A-FC39-4F24-BE2B-6295C59D9D4C}
2011-08-15 06:51 - 2011-08-15 06:50 - 0000000 ____D C:\Users\Eddie\AppData\Local\{E51B484F-5C7B-490F-B93B-64B7B9717170}
2011-08-15 06:50 - 2011-08-15 06:50 - 0000000 ____D C:\Users\Eddie\AppData\Local\{49FB7150-D460-4C75-992B-546918E8E4E8}
2011-08-15 06:41 - 2011-08-15 06:41 - 0000165 ___AH C:\Users\Eddie\Desktop\~$Geronimo Invoice.xlsx
2011-08-14 19:00 - 2011-08-14 19:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{9FDDDF38-CCA9-49D3-8B8F-E09FA05C2821}
2011-08-14 19:00 - 2011-08-14 19:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{13260CE4-CDC5-4429-8D91-12B1F6DA0214}
2011-08-13 13:26 - 2011-08-13 13:26 - 0000000 ____D C:\Users\Eddie\AppData\Local\{9971A11B-7E1C-4947-8D8F-CF3B49D5F0E2}
2011-08-13 13:22 - 2011-08-13 13:22 - 0000000 ____D C:\Users\Eddie\AppData\Local\{CD9D652E-AD7E-4962-A64D-D05AA1BE7AF3}
2011-08-13 13:22 - 2011-08-13 13:22 - 0000000 ____D C:\Users\Eddie\AppData\Local\{8F7E68CB-D035-4011-B922-0EED26AE2EEE}
2011-08-12 17:04 - 2011-08-12 17:04 - 0000000 ____D C:\Users\Eddie\AppData\Local\{DABD29B2-8CE8-40F9-9E4D-DEF9A122FFCC}
2011-08-12 17:04 - 2011-08-12 17:04 - 0000000 ____D C:\Users\Eddie\AppData\Local\{22A6545F-EB24-4DE5-B709-CA529C75D463}
2011-08-12 15:21 - 2011-08-12 15:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{29AA754B-3749-44C2-85FB-36EC0504EA28}
2011-08-12 15:21 - 2011-08-12 15:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{156B66BE-5E16-4207-9BD2-BE3E9753C086}
2011-08-12 11:19 - 2011-08-12 11:19 - 0000000 ____D C:\Users\Eddie\AppData\Local\{D19352FE-8967-4905-9193-38D89A4EA84D}
2011-08-12 11:19 - 2011-08-12 11:19 - 0000000 ____D C:\Users\Eddie\AppData\Local\{38AB172F-B9DC-4374-A7F9-678C15C9EA45}
2011-08-12 11:19 - 2011-08-12 11:18 - 0000000 ____D C:\Users\Eddie\AppData\Local\{1382E8BD-7F9A-42CF-A22B-F9E5968DFA91}
2011-08-12 11:18 - 2011-08-12 11:18 - 0000000 ____D C:\Users\Eddie\AppData\Local\{8AA1BD6F-684A-48A2-B2F9-77116AE95F16}
2011-08-12 11:08 - 2011-08-12 11:08 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2C2E24F6-DF20-4927-B345-8E0BB769950A}
2011-08-12 11:07 - 2011-08-12 11:07 - 0000000 ____D C:\Users\Eddie\AppData\Local\{B41D4AA5-CFCA-4E6A-BB58-096D92421829}
2011-08-11 18:45 - 2011-08-11 18:45 - 0000000 ____D C:\Users\Eddie\AppData\Local\{DCC1415D-A3FF-4A15-8D43-EFD7ED1712C4}
2011-08-11 18:45 - 2011-08-11 18:45 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2081DA97-4A65-4EF3-8602-D87BCF5BCE06}
2011-08-11 15:09 - 2011-08-11 15:09 - 0000000 ____D C:\Users\Eddie\AppData\Local\{77881D0D-D1EF-4C7F-8859-EF0C389E58AA}
2011-08-11 15:09 - 2011-08-11 15:09 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2F99AE2B-AA06-49C9-8E98-8DC54223C12E}
2011-08-11 06:37 - 2011-08-11 06:37 - 0000000 ____D C:\Users\Eddie\AppData\Local\{F4201A34-20DE-4462-83A8-77B32085BFED}
2011-08-11 06:37 - 2011-08-11 06:37 - 0000000 ____D C:\Users\Eddie\AppData\Local\{363D1822-4F0D-4F7C-AC5E-8F4A24FA2914}
2011-08-10 18:10 - 2011-08-10 18:09 - 0000000 ____D C:\Users\Eddie\AppData\Local\{3B3AB95A-9CAE-424A-BBC8-36CF856F98F3}
2011-08-10 18:09 - 2011-08-10 18:09 - 0000000 ____D C:\Users\Eddie\AppData\Local\{00878FEB-0DE7-496C-93D3-13D0492ADA3C}
2011-08-10 08:21 - 2011-08-10 08:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{6FD29F1F-CB54-4F63-B761-8D0E58898FF1}
2011-08-10 08:21 - 2011-08-10 08:21 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2384A7DF-A568-4AD7-8775-8F0C4349BBA8}
2011-08-09 16:55 - 2011-08-09 16:55 - 0000000 ____D C:\Users\Eddie\AppData\Local\{10311129-0066-4B31-A4B6-E0F00689DCFF}
2011-08-09 15:06 - 2011-08-09 15:06 - 0000000 ____D C:\Users\Eddie\AppData\Local\{D2835C18-11D2-473B-9944-198B2A7930AE}
2011-08-09 15:06 - 2011-08-09 15:06 - 0000000 ____D C:\Users\Eddie\AppData\Local\{81D74913-601F-436C-8196-EE6B0F8B9D1A}
2011-08-09 12:47 - 2011-08-09 12:47 - 0000000 ____D C:\Users\Eddie\AppData\Local\{5DC4138A-86CA-45BB-892E-4AAB9A8C0237}
2011-08-09 12:47 - 2011-08-09 12:46 - 0000000 ____D C:\Users\Eddie\AppData\Local\{C5423AC0-925D-491E-BABA-1458B1D46DF8}
2011-08-09 09:32 - 2011-08-09 09:32 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0457939D-734F-4A00-96C8-7B0B760DF442}
2011-08-09 09:32 - 2011-08-09 09:31 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2323F7ED-E62C-438D-A249-8C6DC48545F5}
2011-08-09 09:03 - 2011-07-22 08:04 - 0001966 ____A C:\Users\Public\Desktop\Logbook Pro.lnk
2011-08-09 09:03 - 2011-07-22 08:04 - 0000000 ____D C:\Program Files (x86)\Logbook Pro
2011-08-09 08:09 - 2011-08-09 08:08 - 0000000 ____D C:\Users\Eddie\AppData\Local\{595802A3-B35F-41E4-B022-4982CB900961}
2011-08-09 08:08 - 2011-08-09 08:08 - 0000000 ____D C:\Users\Eddie\AppData\Local\{F9DDFEC7-0F82-43C1-A061-0803708E1D5F}
2011-08-09 08:07 - 2011-08-09 08:07 - 0000000 ____D C:\Users\Eddie\AppData\Local\{60B23FE9-3BD0-4F09-A462-EF0E1FA342AD}
2011-08-09 08:07 - 2011-08-09 08:06 - 0000000 ____D C:\Users\Eddie\AppData\Local\{C465E709-F4EA-47DA-9C05-2E0A07A7AF67}
2011-08-08 15:26 - 2011-08-08 15:26 - 0000000 ____D C:\Users\Eddie\AppData\Local\{1B698164-BC67-40A7-B99A-C1E89153EB0B}
2011-08-08 09:00 - 2011-08-08 09:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{EFB8EF8F-8532-45A5-99DF-DD27976CABFD}
2011-08-08 09:00 - 2011-08-08 09:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{98B9B125-D01E-47BB-8070-48801293616D}
2011-08-07 18:12 - 2011-08-07 18:12 - 0000000 ____D C:\Users\Eddie\AppData\Local\{E8BA194E-377E-414C-8B0A-B79527A7C311}
2011-08-07 18:12 - 2011-08-07 18:12 - 0000000 ____D C:\Users\Eddie\AppData\Local\{B80B9909-B10A-47B5-A8FC-127F24243E6B}
2011-08-07 13:36 - 2011-08-07 13:36 - 0000000 ____D C:\Users\Eddie\AppData\Local\{46ABD9BB-C4FF-499D-B1CC-94E36BBF5FA1}
2011-08-07 11:24 - 2011-08-07 11:24 - 0000000 ____D C:\Users\Eddie\AppData\Local\{A8028B18-F510-40AF-A609-D5E4F40CDB44}
2011-08-07 07:48 - 2011-08-07 07:48 - 0000000 ____D C:\Users\Eddie\AppData\Local\{F538B9DE-8D79-4145-9B99-0DA7A1DD04E5}
2011-08-07 07:48 - 2011-08-07 07:48 - 0000000 ____D C:\Users\Eddie\AppData\Local\{B1ADAD92-DAA2-4E20-BF02-75186BC9313F}
2011-08-07 07:48 - 2011-08-07 07:48 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2927880A-29FB-44F3-9988-54550C8B724D}
2011-08-07 07:47 - 2011-08-07 07:47 - 0001972 ____A C:\Windows\IE9_main.log
2011-08-07 07:47 - 2009-06-20 19:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-08-07 07:45 - 2011-08-07 07:45 - 0000000 ____D C:\Users\Eddie\AppData\Local\{4E6DFD1D-BCA9-4444-A4FB-51704C583C20}
2011-08-07 07:45 - 2011-08-07 07:44 - 0000000 ____D C:\Users\Eddie\AppData\Local\{B5BED3C7-400F-4C56-AC47-2EA28D41D6F6}
2011-08-06 18:13 - 2011-08-06 18:13 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2ED0A20D-5EE7-47CA-951A-9FA118C53DBB}
2011-08-06 13:31 - 2011-08-06 13:31 - 0000000 ____D C:\Users\Eddie\AppData\Local\{E68DBB38-F648-4394-AEAC-60E031F974F9}
2011-08-06 13:31 - 2011-08-06 13:31 - 0000000 ____D C:\Users\Eddie\AppData\Local\{B38D351C-6BA1-4F99-BA9D-DC7244BA77A4}
2011-08-06 13:03 - 2011-08-06 13:03 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0BE0890F-0664-4213-B401-5CF8949476D5}
2011-08-06 13:03 - 2011-08-06 13:02 - 0000000 ____D C:\Users\Eddie\AppData\Local\{8D5F9364-4DD5-4626-A7A7-F37860B2B82D}
2011-08-06 12:06 - 2011-08-06 12:06 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0D4A026B-B2D5-4D2F-9845-371E8AEDDF61}
2011-08-06 06:59 - 2011-08-06 06:59 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2759E332-2AB6-4732-8C5F-38BC54CC7DDA}
2011-08-06 06:11 - 2011-08-06 06:11 - 0000000 ____D C:\Users\Eddie\AppData\Local\{AFFA8F03-FFE9-4E72-BD70-15070C4EDF2F}
2011-08-05 12:49 - 2011-08-05 12:49 - 0000000 ____D C:\Users\Eddie\AppData\Local\{A214EB69-AAF6-49CB-AB6C-FEC838ACB1BA}
2011-08-05 10:29 - 2011-08-05 10:28 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0C3CCF9E-0F59-4B64-A6E0-B91CF6F12FAD}
2011-08-04 17:29 - 2011-08-04 17:29 - 0000000 ____D C:\Users\Eddie\AppData\Local\{3CFE6922-6136-4744-8111-6CE11FBB6CB2}
2011-08-04 09:45 - 2011-08-04 09:45 - 0000000 ____D C:\Users\Eddie\AppData\Local\{A38BE8A9-6A97-46D1-9CA1-E9C7646F4BDD}
2011-08-03 08:06 - 2011-08-03 08:06 - 0000000 ____D C:\Users\Eddie\AppData\Local\{A7BE40FB-9BD5-421C-B0DC-FDFA04BDA119}
2011-08-02 08:00 - 2011-08-02 08:00 - 0000000 ____D C:\Users\Eddie\AppData\Local\{E51B5D4A-50FD-4492-A02B-EE9B0140056F}
2011-08-01 19:30 - 2011-08-01 19:30 - 0000000 ____D C:\Users\Eddie\AppData\Local\{6530DA1F-3F43-4A99-B987-3B318FFF08B8}
2011-08-01 07:05 - 2011-08-01 07:05 - 0000000 ____D C:\Users\Eddie\AppData\Local\{BC86F134-3E07-4769-A8DC-CC34C0E0F2F2}
2011-07-31 06:09 - 2011-07-31 06:09 - 0000000 ____D C:\Users\Eddie\AppData\Local\{5AB2A683-215E-4722-91B6-FD772848D80B}
2011-07-30 06:45 - 2011-07-30 06:45 - 0000000 ____D C:\Users\Eddie\AppData\Local\{CFD1A416-F60A-46B7-B5E9-BB93411EEA14}
2011-07-29 13:35 - 2011-07-29 13:35 - 0000000 ____D C:\Users\Eddie\AppData\Local\{927183AA-8EF4-494C-AAC6-6E43632E38DF}
2011-07-29 08:08 - 2011-10-12 18:45 - 0375808 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-07-29 08:08 - 2011-10-12 18:45 - 0289792 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-07-29 08:06 - 2011-10-12 18:45 - 0100352 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-07-29 08:06 - 2011-10-12 18:45 - 0073216 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-07-29 08:01 - 2011-10-12 18:45 - 0293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-07-29 08:01 - 2011-10-12 18:45 - 0217088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-07-29 08:00 - 2011-10-12 18:45 - 0069632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-07-29 08:00 - 2011-10-12 18:45 - 0057856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-07-28 14:00 - 2010-02-13 19:55 - 0000000 ____D C:\Users\Eddie\Desktop\Randoms
2011-07-27 10:08 - 2011-07-27 10:08 - 0000000 ____D C:\Users\Eddie\AppData\Local\{490FB06B-EF83-47EA-BF6A-42BB9A8D8393}
2011-07-26 19:47 - 2011-07-26 19:46 - 0000000 ____D C:\Users\Eddie\AppData\Local\{0FA793D7-D93F-485C-ACCC-72B6952F716C}
2011-07-26 06:44 - 2011-07-26 06:44 - 0000000 ____D C:\Users\Eddie\AppData\Local\{8143B4E4-8865-4737-B1C4-61C57796F127}
2011-07-25 13:20 - 2011-07-25 13:20 - 0000000 ____D C:\Users\Eddie\AppData\Local\{2F737154-482E-449F-AE65-51A766401AD2}
2011-07-25 13:19 - 2011-07-25 13:19 - 0000000 ____D C:\Users\Eddie\AppData\Local\{20426EC2-2DE8-4D91-8EB7-27453435574D}
2011-07-24 09:46 - 2011-07-24 09:46 - 0000000 ____D C:\Users\Eddie\AppData\Local\{89B6F0ED-052F-4D4B-876A-4597A538D832}
2011-07-23 09:43 - 2011-07-23 09:43 - 0000000 ____D C:\Users\Eddie\AppData\Local\{35CB9BD6-C4E1-46C3-B9ED-1025861232E4}
2011-07-23 06:48 - 2011-07-23 06:48 - 0000000 ____D C:\Users\Eddie\AppData\Local\{1289FD0A-AB21-49A2-AACA-7C2C250188DD}
2011-07-22 17:36 - 2011-07-22 07:54 - 0082929 ____A C:\Users\Eddie\Documents\Hannan Flight Resume 0722.pdf
2011-07-22 08:12 - 2011-07-22 08:12 - 0024244 ____A C:\Users\Eddie\Downloads\logbook-backup-2011-07-22.tsv.zip
2011-07-22 08:05 - 2011-07-22 08:05 - 0000000 ____D C:\Users\Eddie\Documents\My Logbook Pro Files
2011-07-22 08:03 - 2011-07-22 08:03 - 14330376 ____A (NC Software, Inc. ) C:\Users\Eddie\Downloads\lbproNoMSI.exe
2011-07-22 08:03 - 2011-07-22 08:03 - 0000000 ____D C:\Users\Eddie\AppData\Local\Downloaded Installations
2011-07-22 06:51 - 2011-07-22 06:51 - 0000000 ____D C:\Users\Eddie\AppData\Local\{05C57773-5579-43A7-A8C5-7922E7EDD578}
2011-07-21 06:46 - 2011-07-21 06:45 - 0000000 ____D C:\Users\Eddie\AppData\Local\{79C6B98D-C288-45F5-B01F-F85A242940DF}
2011-07-20 09:35 - 2011-07-20 09:35 - 0000000 ____D C:\Users\Eddie\AppData\Local\{3C880108-5801-483C-BB6B-629C03AF4455}
2011-07-19 06:55 - 2011-07-19 06:55 - 0000000 ____D C:\Users\Eddie\AppData\Local\{47AD65E5-DF5D-4312-A156-4E60029CC0DE}
2011-07-18 09:43 - 2011-07-18 09:43 - 0000000 ____D C:\Users\Eddie\AppData\Local\{D4B419E9-ABF3-42E7-A57E-AE1374AF5EC5}
2011-07-17 18:26 - 2011-07-17 18:26 - 0000000 ____D C:\Users\Eddie\AppData\Local\{56DA81BA-3966-4475-8691-70D425BA1A98}
2011-07-17 18:25 - 2011-07-17 18:25 - 0000000 ____D C:\Users\Eddie\AppData\Local\{007F9FC8-888D-433F-A291-1963258C51BF}
2011-07-16 19:55 - 2011-07-16 19:55 - 0000000 ____D C:\Users\Eddie\AppData\Local\{BC40C417-2351-4FBD-8E73-F732E13F7561}
2011-07-16 07:23 - 2011-07-16 07:23 - 0201177 ____A C:\Users\Eddie\Downloads\Equifax_FACT_Rpt_07162011(2).pdf
2011-07-16 07:20 - 2011-07-16 07:20 - 0109383 ____A C:\Users\Eddie\Downloads\Equifax_FACT_Rpt_07162011.pdf
2011-07-16 06:47 - 2011-07-16 06:47 - 0000000 ____D C:\Users\Eddie\AppData\Local\{CC1A3750-CA51-445B-A3DE-F0908F5133CD}

========================= Known DLLs =========================

[2009-12-03 15:28] - [2009-04-10 23:11] - 1065472 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2009-12-03 15:28] - [2009-04-10 22:28] - 0800768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
[2008-01-20 18:48] - [2008-01-20 18:48] - 0611328 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2008-01-20 18:49] - [2008-01-20 18:49] - 0523776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
[2009-12-03 15:28] - [2009-04-10 23:11] - 0549888 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
[2009-12-03 15:27] - [2009-04-10 22:28] - 0450560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
[2009-12-03 15:28] - [2009-04-10 23:11] - 0389632 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2009-12-03 15:28] - [2009-04-10 22:26] - 0303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
[2011-10-12 18:56] - [2011-09-30 15:20] - 2350592 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2011-10-12 18:56] - [2011-09-30 15:01] - 2000384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
[2008-01-20 18:51] - [2008-01-20 18:51] - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
[2008-01-20 18:48] - [2008-01-20 18:48] - 0153088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
[2009-12-03 15:27] - [2009-04-10 23:11] - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2009-12-03 15:27] - [2009-04-10 22:26] - 0116224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
[2011-07-12 12:44] - [2011-04-12 08:15] - 1210880 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2011-07-12 12:44] - [2011-04-12 08:11] - 0859648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
[2008-01-20 18:48] - [2008-01-20 18:48] - 0032768 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-14 16:24] - [2009-04-10 22:26] - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
[2009-12-03 15:28] - [2009-04-10 23:11] - 1040896 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-12-03 15:28] - [2009-04-10 22:28] - 0807424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
[2009-12-03 15:28] - [2009-04-10 23:11] - 0621056 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-12-03 15:28] - [2009-04-10 22:28] - 0679936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
[2006-11-02 01:05] - [2006-11-02 01:05] - 0003072 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2006-11-02 04:17] - [2006-11-02 00:33] - 0002560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
[2008-01-20 18:49] - [2008-01-20 18:49] - 0011264 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2008-01-20 18:50] - [2008-01-20 18:50] - 0008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
[2010-10-14 14:05] - [2010-06-28 09:21] - 1915904 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2010-10-14 14:05] - [2010-06-28 09:00] - 1316864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
[2011-10-12 18:46] - [2011-08-25 08:19] - 0847360 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
[2011-10-12 18:46] - [2011-08-25 08:14] - 0563712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
[2008-01-20 18:50] - [2008-01-20 18:50] - 0016896 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2006-11-02 04:13] - [2006-11-02 01:46] - 0012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
[2009-06-26 14:28] - [2009-04-23 04:25] - 1305600 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2009-06-26 14:28] - [2009-04-23 04:15] - 0677376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
[2009-12-03 15:28] - [2009-04-10 23:11] - 1925120 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2009-12-03 15:28] - [2009-04-10 22:28] - 1591296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
[2011-02-09 11:15] - [2011-01-21 08:50] - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
[2011-02-09 11:15] - [2011-01-21 08:35] - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
[2011-02-09 11:15] - [2011-01-21 08:50] - 0456192 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2011-02-09 11:15] - [2011-01-21 08:35] - 0353280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
[2011-10-12 18:56] - [2011-09-30 15:25] - 1488384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
[2011-10-12 18:56] - [2011-09-30 15:06] - 1212416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
[2009-12-03 15:28] - [2009-04-10 23:11] - 0820224 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2009-12-03 15:28] - [2009-04-10 22:26] - 0648704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
[2010-09-15 15:26] - [2010-04-16 09:07] - 0621568 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2010-09-15 15:26] - [2010-04-16 08:46] - 0502272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll
[2009-12-03 15:27] - [2009-04-10 23:11] - 0027136 ____A (Microsoft Corporation) C:\Windows\System32\version.dll
[2009-12-03 15:27] - [2009-04-10 22:28] - 0020480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\version.dll
[2011-10-12 18:56] - [2011-09-30 15:25] - 1147904 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
[2011-10-12 18:56] - [2011-09-30 15:06] - 0916480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
[2009-12-03 15:27] - [2009-04-10 23:11] - 0328704 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll
[2009-12-03 15:27] - [2009-04-10 22:28] - 0287744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wldap32.dll
[2009-12-03 15:28] - [2009-04-10 23:11] - 0264704 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2008-01-20 18:50] - [2008-01-20 18:50] - 0179200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2009-12-03 15:27] - [2009-04-10 23:11] - 0405504 ____A (Microsoft Corporation) 6D0773A3A65D28B663F334C90441D01A

C:\Windows\System32\wininit.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0123904 ____A (Microsoft Corporation) 117EA87DF785CA1B9D821F6F213DCE07

C:\Windows\explorer.exe
[2009-12-03 15:28] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\System32\Drivers\volsnap.sys
[2009-12-03 15:27] - [2009-04-10 23:15] - 0269288 ____A (Microsoft Corporation) 5280AADA24AB36B01A84A6424C475C8D


========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 4053.95 MB
Available physical RAM: 3635.86 MB
Total Pagefile: 3927.59 MB
Available Pagefile: 3608.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:156.37 GB) NTFS
2 Drive d: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
4 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.75 GB) NTFS

==========================================================

Last Boot: 2011-10-13 11:07

======================= End Of Log ==========================

#38
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Eduardotrojan,

I'll now analyse the logs and prepare a fix. You also have work to do :).

Please go to Control Panel and navigate to Add/Remove programs. Uninstall your antivirus program because it can interfere with our tools.

After you remove your antivirus, delete your version of Combofix and download a new version. Run it and post the log here for me like you did before.

#39
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • 29 posts
Avira was removed and the combofix is below.

ComboFix 11-10-14.02 - Eddie 10/14/2011 11:14:57.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2485 [GMT -4:00]
Running from: c:\users\Eddie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-14 15:26 . 2011-10-14 15:26 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7F22391-AEA8-4E0F-B9AD-8D8C754B9E01}\offreg.dll
2011-10-14 15:26 . 2011-10-14 15:26 -------- d-----we c:\windows\system64
2011-10-14 15:24 . 2011-10-14 16:17 -------- d-----w- c:\users\Eddie\AppData\Local\temp
2011-10-14 15:24 . 2011-10-14 15:24 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-14 15:24 . 2011-10-14 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 13:12 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7F22391-AEA8-4E0F-B9AD-8D8C754B9E01}\mpengine.dll
2011-10-13 23:29 . 2011-10-13 23:30 -------- d-----w- C:\FRST
2011-10-13 02:52 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 02:46 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 02:46 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 02:46 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 02:46 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-13 02:46 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 02:46 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 02:46 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 02:46 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-13 02:45 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-13 02:45 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-13 02:45 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 02:45 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 02:45 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 02:45 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 02:45 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 02:45 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 02:45 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-13 02:45 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-07 14:06 . 2011-10-07 14:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-02 01:30 . 2011-10-02 01:30 -------- d-----w- C:\_OTM
2011-09-29 21:05 . 2011-09-29 21:05 -------- d-----w- C:\_OTL
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 19:32 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 17:51 . 2011-09-28 17:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-28 17:49 . 2011-09-28 22:33 -------- d-----w- c:\programdata\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 14:10 . 2011-09-06 14:10 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-28 04:30 . 2011-08-28 04:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-03-07 95496]
"FAStartup"="" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-06-18 77824]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
.
c:\users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-03-07 19:15 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe [2007-10-05 34032]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\DRIVERS\mausbft.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 1044720]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-03-07 2360584]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1657128]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2009-02-11 634888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"MemoryCardManager"="c:\program files (x86)\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"dldomon.exe"="c:\program files (x86)\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\SysWOW64\ping.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
.
**************************************************************************
.
Completion time: 2011-10-14 12:20:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-14 16:20
ComboFix2.txt 2011-10-12 16:40
ComboFix3.txt 2011-10-10 17:04
ComboFix4.txt 2011-10-04 14:26
ComboFix5.txt 2011-10-14 15:12
.
Pre-Run: 169,586,126,848 bytes free
Post-Run: 168,642,355,200 bytes free
.
- - End Of File - - C86B349A1E3B566DF9E4B35DA3037EAD
  • 0

#40
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Eduardotrojan,

Time to try a fix.

Step 1

Open Notepad and copy/paste the content inside the quote box, into Notepad:

SubSystems: [Windows] ==> ZeroAccess
2011-10-12 16:31 . 2011-10-12 16:31 -------- d-----we c:\windows\system64



Save this as fixlist.txt. It must be saved in the same location as the tool, frst64.exe.

Boot into the Recovery Environment, command prompt, same as you did before.

At the command prompt, type in the following and press Enter:

cd /d d:\frst64.exe

Run FRST64.exe and press the Fix button just once, and wait.
After the fix, Fix.txt will be saved on your flash drive at the same location where frst64.exe is located.

When it has completed, exit the Command prompt and restart the computer.

Step 2

Run Combofix and let it update if it asks. Scan your system and post the log as you did before.

Step 3

Please don't forget to include these items in your reply:

  • Fix.txt from frst64.exe
  • New Combofix log
It would be helpful if you could post each log in a separate post
  • 0

#41
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ComboFix 11-10-15.04 - Eddie 10/15/2011 21:06:30.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2641 [GMT -4:00]
Running from: c:\users\Eddie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
c:\windows\assembly\tmp\U\[email protected]
.
.
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-16 01:22 . 2011-10-16 01:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7F22391-AEA8-4E0F-B9AD-8D8C754B9E01}\offreg.dll
2011-10-16 01:20 . 2011-10-16 01:25 -------- d-----w- c:\users\Eddie\AppData\Local\temp
2011-10-16 01:20 . 2011-10-16 01:20 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-16 01:20 . 2011-10-16 01:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 13:12 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7F22391-AEA8-4E0F-B9AD-8D8C754B9E01}\mpengine.dll
2011-10-13 23:29 . 2011-10-13 23:30 -------- d-----w- C:\FRST
2011-10-13 02:52 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 02:46 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 02:46 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 02:46 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 02:46 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-13 02:46 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 02:46 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 02:46 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 02:46 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-13 02:45 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-13 02:45 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-13 02:45 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 02:45 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 02:45 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 02:45 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 02:45 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 02:45 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 02:45 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-13 02:45 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-07 14:06 . 2011-10-07 14:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-02 01:30 . 2011-10-02 01:30 -------- d-----w- C:\_OTM
2011-09-29 21:05 . 2011-09-29 21:05 -------- d-----w- C:\_OTL
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\users\Eddie\AppData\Roaming\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 19:32 . 2011-09-28 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 19:32 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 17:51 . 2011-09-28 17:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-28 17:49 . 2011-09-28 22:33 -------- d-----w- c:\programdata\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 14:10 . 2011-09-06 14:10 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-28 04:30 . 2011-08-28 04:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-03-07 95496]
"FAStartup"="" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2009-06-18 77824]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
.
c:\users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-03-07 19:15 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe [2007-10-05 34032]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\DRIVERS\mausbft.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 1044720]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-03-07 2360584]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1657128]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2009-02-11 634888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"MemoryCardManager"="c:\program files (x86)\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"dldomon.exe"="c:\program files (x86)\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-10-15 21:41:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-16 01:40
ComboFix2.txt 2011-10-14 16:20
ComboFix3.txt 2011-10-12 16:40
ComboFix4.txt 2011-10-10 17:04
ComboFix5.txt 2011-10-16 01:03
.
Pre-Run: 168,349,077,504 bytes free
Post-Run: 168,205,316,096 bytes free
.
- - End Of File - - 34FD2F72022079EB60E17117612DBF33
  • 0

#42
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.4)
Ran by SYSTEM at 2011-10-15 20:57:26 R:1
Running from D:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
c:\windows\system64 moved successfully.

==== End of Fixlog ====
  • 0

#43
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Looking good. Let's see what OTL will tell us. Did you notice any difference?

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

  • 0

#44
Eduardotrojan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Without Avira installed I of course don't see warning messages, but also when I search from Google the browser does not jump to a spam site like it did before. Here is OTL

OTL logfile created on: 10/16/2011 8:30:17 PM - Run 8
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Eddie\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.55% Memory free
8.09 Gb Paging File | 6.58 Gb Available in Paging File | 81.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 158.52 Gb Free Space | 55.93% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.75 Gb Free Space | 52.89% Space Free | Partition Type: NTFS

Computer Name: EDDIES-DELL | User Name: Eddie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
PRC - [2011/09/28 08:59:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/03/07 15:16:26 | 001,934,600 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2009/03/07 15:16:26 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/11 12:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
PRC - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/28 08:59:14 | 001,015,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/03/07 15:17:04 | 000,088,840 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2009/03/07 15:16:30 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2009/03/07 15:15:28 | 000,234,248 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
MOD - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
MOD - [2007/09/06 16:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldoscw.dll
MOD - [2007/08/01 04:15:51 | 000,077,906 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocfg.dll
MOD - [2007/05/03 11:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldodatr.dll
MOD - [2007/04/09 09:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\DLDOptp.dll
MOD - [2006/12/28 11:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocats.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/20 04:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/20 04:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV:64bit: - [2007/10/05 13:31:08 | 001,044,720 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldocoms.exe -- (dldo_device)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/18 13:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/06/18 12:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/07 15:16:00 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dldocoms.exe -- (dldo_device)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/21 15:40:06 | 000,103,272 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/20 04:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/02/11 09:47:50 | 000,185,864 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mausbft.sys -- (MAUSBFT)
DRV:64bit: - [2009/02/10 05:40:28 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2009/02/10 05:40:26 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/26 03:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/26 02:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 11:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/08 05:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/09/16 05:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/16 05:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/16 05:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.1.119
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Eddie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 22:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/01 22:27:31 | 000,000,000 | ---D | M]

[2009/06/27 19:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Extensions
[2011/10/15 20:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions
[2011/05/13 16:48:27 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\kgvvuk9d.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/10/09 20:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/22 12:44:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/18 00:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/15 21:24:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" File not found
O4:64bit: - HKLM..\Run: [dldomon.exe] C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4256B9A-C8A6-44DB-8C18-7B71AE3A41C0}: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 21:41:23 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\temp
[2011/10/15 21:24:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/14 11:11:18 | 004,261,887 | R--- | C] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/13 19:29:24 | 000,000,000 | ---D | C] -- C:\FRST
[2011/10/08 17:17:05 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\tdsskiller
[2011/10/08 17:01:22 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\Eddie\Desktop\antizeroaccess.exe
[2011/10/07 10:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/05 12:32:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
[2011/10/04 10:26:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/01 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\GooredFix Backups
[2011/10/01 21:30:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/30 13:02:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/29 17:05:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/28 18:38:06 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
[2011/09/28 17:57:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/28 17:57:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 17:57:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 17:57:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 17:57:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 15:32:48 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Malwarebytes
[2011/09/28 15:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 15:32:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 15:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/28 13:51:42 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/28 13:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/04 14:50:58 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoinpa.dll
[2009/07/04 14:50:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoiesc.dll
[2009/07/04 14:50:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dldopmui.dll
[2009/07/04 14:50:56 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoserv.dll
[2009/07/04 14:50:56 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\dldousb1.dll
[2009/07/04 14:50:56 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldolmpm.dll
[2009/07/04 14:50:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoprox.dll
[2009/07/04 14:50:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomc.dll
[2009/07/04 14:50:55 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldohbn3.dll
[2009/07/04 14:50:55 | 000,595,184 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocoms.exe
[2009/07/04 14:50:55 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomm.dll
[2009/07/04 14:50:55 | 000,320,752 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoih.exe
[2009/07/04 14:50:54 | 000,365,808 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocfg.exe

========== Files - Modified Within 30 Days ==========

[2011/10/16 20:27:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 20:27:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 20:27:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/16 20:27:17 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 21:24:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/15 21:02:39 | 004,261,887 | R--- | M] (Swearware) -- C:\Users\Eddie\Desktop\ComboFix.exe
[2011/10/15 20:26:12 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/15 20:26:12 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/15 20:26:12 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/13 08:57:06 | 000,399,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/09 23:08:04 | 000,000,732 | ---- | M] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/10/09 12:09:38 | 000,080,384 | ---- | M] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
[2011/10/08 17:36:37 | 000,648,214 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
[2011/10/08 17:16:47 | 001,539,630 | ---- | M] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
[2011/10/08 17:01:23 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\Eddie\Desktop\antizeroaccess.exe
[2011/10/07 10:05:48 | 098,668,152 | ---- | M] () -- C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
[2011/10/07 10:01:58 | 000,002,316 | ---- | M] () -- C:\Users\Eddie\Desktop\h29MRNfE.htm.part
[2011/10/06 17:36:04 | 000,681,545 | ---- | M] () -- C:\Users\Eddie\Desktop\OTL (2).zip
[2011/10/06 17:30:07 | 000,681,545 | ---- | M] () -- C:\Users\Eddie\Desktop\OTL.zip
[2011/10/05 12:54:50 | 408,035,674 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/05 12:33:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Eddie\Desktop\aswMBR.exe
[2011/10/04 11:42:52 | 000,633,966 | ---- | M] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/10/04 11:13:26 | 000,000,486 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/10/02 19:15:35 | 000,082,929 | ---- | M] () -- C:\Users\Eddie\Desktop\Hannan Flight Resume.pdf
[2011/09/30 13:05:02 | 000,044,544 | ---- | M] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 18:38:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/28 13:51:41 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/27 22:42:21 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd

========== Files Created - No Company Name ==========

[2011/10/10 12:34:13 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/09 12:09:36 | 000,080,384 | ---- | C] () -- C:\Users\Eddie\Desktop\MBRCheck.exe
[2011/10/08 17:36:32 | 000,648,214 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report.PDF
[2011/10/08 17:16:43 | 001,539,630 | ---- | C] () -- C:\Users\Eddie\Desktop\tdsskiller.zip
[2011/10/07 10:04:27 | 098,668,152 | ---- | C] () -- C:\Users\Eddie\Desktop\setup_11.0.0.1245.x01_2011_10_07_17_21.exe
[2011/10/07 10:01:57 | 000,002,316 | ---- | C] () -- C:\Users\Eddie\Desktop\h29MRNfE.htm.part
[2011/10/06 17:36:03 | 000,681,545 | ---- | C] () -- C:\Users\Eddie\Desktop\OTL (2).zip
[2011/10/06 17:30:07 | 000,681,545 | ---- | C] () -- C:\Users\Eddie\Desktop\OTL.zip
[2011/10/04 11:42:49 | 000,633,966 | ---- | C] () -- C:\Users\Eddie\Desktop\Jeppesen Style Flight Log Report10-4.PDF
[2011/09/30 13:11:02 | 000,000,732 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps64.dat
[2011/09/28 17:57:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/28 17:57:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/28 17:57:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/28 17:57:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/28 17:57:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/28 15:32:32 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 22:42:21 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
[2011/06/29 13:45:10 | 000,220,539 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/06/29 13:45:10 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2010/09/27 23:57:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/17 13:58:40 | 000,157,465 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/02/04 17:54:46 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/01/25 22:08:21 | 000,000,000 | ---- | C] () -- C:\Users\Eddie\AppData\Roaming\wklnhst.dat
[2010/01/25 22:05:26 | 000,000,486 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/03 19:28:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 19:28:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 19:27:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 12:52:28 | 000,000,680 | ---- | C] () -- C:\Users\Eddie\AppData\Local\d3d9caps.dat
[2009/07/04 14:50:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\dldoinst.dll
[2009/07/04 14:50:58 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\dldocomx.dll
[2009/07/04 14:50:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldojswr.dll
[2009/07/04 14:50:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldoinsr.dll
[2009/07/04 14:50:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldocur.dll
[2009/07/04 14:50:57 | 000,503,808 | ---- | C] () -- C:\Windows\SysWow64\dldoutil.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoinsb.dll
[2009/07/04 14:50:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoins.dll
[2009/07/04 14:50:57 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldocub.dll
[2009/07/04 14:50:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldocu.dll
[2009/07/04 14:50:54 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldocfg.dll
[2009/07/04 14:37:12 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/06/29 22:30:26 | 000,044,544 | ---- | C] () -- C:\Users\Eddie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/21 02:07:23 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/06/21 01:59:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/06/20 23:44:34 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/07 15:17:04 | 000,088,840 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/03/07 15:16:30 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/03/07 15:15:28 | 000,234,248 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/12/09 17:11:50 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\968 Series
[2009/10/26 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Amazon
[2010/02/06 19:00:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Digidesign
[2010/03/14 13:09:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Facebook
[2010/02/04 22:38:09 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 16:48:30 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Sling Media
[2010/02/04 18:36:17 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Structure
[2010/01/25 22:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Template
[2010/12/03 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\Windows Live Writer
[2011/10/15 23:19:17 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

#45
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice. Before we install an antivirus on your PC, let's do a VRT scan.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.