Help! Trojan Sharpro/Rootkit Mayhem
#16
Arboreal (Topic Starter)

ESET

C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\dmnillpmkimgklmdcmaeljjhhpoehdje\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8CF4D3C9-A44D-4F6E-8C86-DBA5BFC36BC5}\RP284\A0071972.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8CF4D3C9-A44D-4F6E-8C86-DBA5BFC36BC5}\RP284\A0071974.dll a variant of Win32/Kryptik.UQZ trojan cleaned by deleting - quarantined
J:\Torrents\Azureus Downloads\VST & VSTi Plugins\VSTi\Tone2 Firebird 1.2.1 VSTi\Tone2 Firebird 1.2.1 (Keygen).exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined
J:\Torrents\VST & VSTi Plugins\VSTi\Tone2 Firebird 1.2.1 VSTi\Tone2 Firebird 1.2.1 (Keygen).exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined
J:\pc\My Music\VST & VSTi Plugins\VSTi\Tone2 Firebird 1.2.1 VSTi\Tone2 Firebird 1.2.1 (Keygen).exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined



bitDefender

QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Sun Oct 30 22:47:54 2011
Machine ID: CC528ECC

No infection found.
-------------------

Processes
---------
ArcSoft Connect 1056 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
Bluetooth Software 1308 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Bonjour 1220 C:\Program Files\Bonjour\mDNSResponder.exe
Dropbox 1096 C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe
Firefox 3960 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 416 C:\Program Files\Mozilla Firefox\plugin-container.exe
Firefox 456 C:\Program Files\Mozilla Firefox\plugin-container.exe
Giga Pocket 4004 C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
iTunes 2600 C:\Program Files\iPod\bin\iPodService.exe
iTunes 600 C:\Program Files\iTunes\iTunesHelper.exe
KODAK AiO Printer Driver 180 C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
Malwarebytes' Anti-Malware 720 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Malwarebytes' Anti-Malware 228 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Microsoft Malware Protection 1248 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
Microsoft Security Client 528 C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System 3176 C:\WINDOWS\ehome\ehmsas.exe
Microsoft® Windows® Operating System 1328 C:\WINDOWS\ehome\ehRecvr.exe
Microsoft® Windows® Operating System 1552 C:\WINDOWS\ehome\ehSched.exe
Microsoft® Windows® Operating System 176 C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System 1676 C:\WINDOWS\system32\spoolsv.exe
MobileDeviceService 1196 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
NVIDIA Driver Helper Service, Version 2 1072 C:\WINDOWS\system32\nvsvc32.exe
Razer Mamba Driver 584 C:\Program Files\Razer\Mamba\RazerTray.exe
Realtek HD Sound Manager 516 C:\WINDOWS\SOUNDMAN.EXE
SonicStageMonitoring Module 1468 C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
Sony TV Tuner Library 1744 C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
StartMan Application 1792 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
Ulead Systems ULCDRSvr 2084 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
VAIO Entertainment 2116 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
VAIO Entertainment 2188 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
VAIO Entertainment 2308 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(verified) Microsoft® Windows® Operating System 1856 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2732 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 764 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3416 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 3612 C:\WINDOWS\system32\dllhost.exe
(verified) Microsoft® Windows® Operating System 844 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 536 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 832 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 704 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1156 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1472 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1588 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1044 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 788 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 2644 C:\WINDOWS\system32\wuauclt.exe
(verified) Windows® Internet Explorer 2920 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4076 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------

Process Dropbox.exe (1096) listens on ports: 17500
Process svchost.exe (1156) listens on ports: 135 (RPC)
Process VCSW.exe (2116) listens on ports: 51493


Autoruns and critical files
---------------------------
ALCWZRD C:\WINDOWS\ALCWZRD.EXE
Dropbox C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
KODAK AiO Printer Driver C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
Logitech SetPoint C:\Program Files\Logitech\SetPoint\SetPoint.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft Malware Protection C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\HDAudPropShortcut.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\nature.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
nwiz.exe C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
Razer Mamba Driver C:\Program Files\Razer\Mamba\RazerTray.exe
Realtek HD Sound Manager C:\WINDOWS\SOUNDMAN.EXE
Reminder Application C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
getPlusPlus for Adobe 16248 C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
getPlusPlus for Adobe 16248 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
Java™ Platform SE 6 U12 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U12 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U12 c:\program files\java\jre6\bin\ssv.dll
Java™ Platform SE 6 U12 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Logitech Device Detection C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
(verified) RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll


Scan
----
MD5: 12b8502f4508b2af52190b9790b33903 C:\WINDOWS\system32\mpg2splt.ax
MD5: 3aed76082731f7da2e6e0f58e525f186 C:\WINDOWS\system32\msadds32.ax
MD5: 9e0d70607f833470963672d170bc035d C:\WINDOWS\system32\msfeeds.dll
MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS\system32\MSFTEDIT.DLL
MD5: 4963cb503600fc3bcbdbfba51fba1fac C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 9e70016c950b1f8fdeaa6f067e2e25a8 C:\WINDOWS\system32\msjet40.dll
MD5: 077f067c69073d1ebc84984e7fe5ba44 C:\WINDOWS\system32\msjetoledb40.dll
MD5: 7e2b58ce8c4013287371667880b1080d C:\WINDOWS\system32\MSJINT40.DLL
MD5: e5de87dddb8cbe4687eadf296e58452a C:\WINDOWS\system32\msjtes40.dll
MD5: 140ef97b64f560fd78643cae2cdad838 C:\WINDOWS\system32\mspmsnsv.dll
MD5: c2e173c85478c09acb1084b015e5cba7 C:\WINDOWS\system32\msvidctl.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: afdc647d16b285b9ae6140335b3b3255 C:\WINDOWS\system32\mswstr10.dll
MD5: 3dd0058b893c3532103ad96c593de18c C:\WINDOWS\system32\nature.scr
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\System32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 3da3f03e76a6d9630c148efe0fc74230 C:\WINDOWS\system32\nvapi.dll
MD5: 229ef72a47f7ef9233f3a52fa519e01b C:\WINDOWS\system32\NvCpl.dll
MD5: 0e2752b270f5a68d459f7927a81b5afa C:\WINDOWS\system32\NvMcTray.dll
MD5: a8c1e6ff53fb0628a302843ea5fa5ab6 C:\WINDOWS\system32\nvsvc32.exe
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\oleacc.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: 95c546e1ca077d07f2117d9c1ca66b68 C:\WINDOWS\system32\OSD.dll
MD5: 98c0492da7971a62fae73f884b637c35 C:\WINDOWS\system32\ptpusd.dll
MD5: 46c76ecb06a712bde508fdcb1f720038 C:\WINDOWS\system32\qasf.dll
MD5: 5029439072e277234046343337e8585d C:\WINDOWS\system32\RazerMiddlewareServer.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: 766d9646911a6435b1d7a2df6fa1653d C:\WINDOWS\system32\sbe.dll
MD5: ff3bf3dcbb9603ecfe22dea8d6a02d78 C:\WINDOWS\system32\sbeio.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: e73f18195ccf4aaaa87b2d22e83f791c C:\WINDOWS\system32\serwvdrv.dll
MD5: c896f6270ec20a60799298b423d5f58b C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 790f85b166b965543e712801df6a7e76 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.dll
MD5: 0a757aa6dfc8a4b92a47e7ccb95674b1 C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
MD5: aacfe87a222f122a215a5b3c1bc32b8f C:\WINDOWS\System32\spool\PRTPROCS\W32X86\EKIJ5000PPR.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll
MD5: 3f8411328e808a8794a41da9acb22dd9 C:\WINDOWS\system32\tapi3.dll
MD5: 8edd9dcd5196b6c54a622e9549f667b8 C:\WINDOWS\system32\termmgr.dll
MD5: a8e44d937aef680f5cdb7907d102aca6 C:\WINDOWS\system32\TVRating.dll
MD5: 17e0cf9c8cbb717d05948656bcd86efa C:\WINDOWS\system32\txflog.dll
MD5: ec2ad9ac452e0a8d976fb1b1718517ce C:\WINDOWS\system32\umdmxfrm.dll
MD5: 31b6e9e116a3d6f8eb13202c9b5db403 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: cafbd14f56a68e6c1a55c0eac7e487fa C:\WINDOWS\system32\VBAJET32.DLL
MD5: 2bac861bf3e5c356d26b555d7811f90a C:\WINDOWS\system32\VBICodec.ax
MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll
MD5: 03c7b71249b08ce1f0392b75df9bf53b C:\WINDOWS\system32\wbtapi.dll
MD5: c123ed509dd563e0020db4ca68d3b43b C:\WINDOWS\system32\wiafbdrv.dll
MD5: 376ec4615f3db21f1d5a99e7a73ee232 C:\WINDOWS\system32\WidcommSdk.dll
MD5: 1a377838b4b468e37c3eeb5baa24f925 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 95cf3446911a6e25ee4086df8a45b2aa C:\WINDOWS\system32\winsrv.dll
MD5: 58997182304759f46902a62128d44d5c C:\WINDOWS\system32\WinVd32.sys
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 7a01fb4a8f97a8a532d8bbba887a15c1 C:\WINDOWS\system32\wmadmod.dll
MD5: 0a8eb8a427b552bf0afc12505da2cd97 C:\WINDOWS\system32\wmadmoe.dll
MD5: 289b5b83f5d12f46cc16608729e05b48 C:\WINDOWS\system32\WMASF.DLL
MD5: 0de697754f5406b0a91fa15d9a895d73 C:\WINDOWS\system32\wmspdmoe.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 1.10 KB recvd
Scanned 721 files and modules - 35 seconds

==============================================================================



OTL

OTL logfile created on: 10/31/2011 4:40:44 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin Henry\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 76.24% Memory free
5.59 Gb Paging File | 5.08 Gb Available in Paging File | 90.80% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 16.66 Gb Free Space | 9.29% Space Free | Partition Type: NTFS
Drive J: | 465.64 Gb Total Space | 4.08 Gb Free Space | 0.88% Space Free | Partition Type: FAT32

Computer Name: ITZAMNA | User Name: Kevin Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 01:15:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Mamba\RazerTray.exe
PRC - [2008/10/22 15:54:28 | 001,310,720 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/10/21 18:20:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/04/15 15:45:22 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2003/08/13 16:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 16:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\WINDOWS\system32\OSD.dll
MOD - [2007/04/02 08:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/10/28 14:11:16 | 000,516,096 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter.ax
MOD - [2004/09/28 05:54:48 | 000,330,240 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2004/09/28 05:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/09/28 05:54:48 | 000,149,504 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2004/08/10 08:00:00 | 000,154,112 | ---- | M] () -- C:\WINDOWS\system32\vbicodec.ax
MOD - [2003/05/30 17:47:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LBTServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/17 10:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/11/02 16:42:42 | 001,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 10:35:34 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 04:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 04:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 04:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/04/15 15:45:22 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2003/10/30 13:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/13 16:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 16:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 16:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)


========== Driver Services (SafeList) ==========

DRV - [2011/10/31 16:06:22 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D4A7206-1722-4AED-A190-DA153A18599B}\MpKslce9f9ca8.sys -- (MpKslce9f9ca8)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/11 19:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/10/26 06:29:23 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/02/09 09:39:40 | 000,154,248 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mausbmp.sys -- (MAUSBMP) Service for M-Audio Mobile Pre (WDM)
DRV - [2009/01/18 17:24:40 | 000,114,024 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/10/24 10:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2007/08/30 03:00:04 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/08/30 02:59:56 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/08/30 02:59:54 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/08/30 02:59:44 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/08/30 02:59:40 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/08/30 02:59:26 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/27 21:24:52 | 002,297,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/06 00:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/13 18:48:32 | 001,266,380 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2000/12/05 20:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E ED 2D C6 41 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 77 04 24 6A 6E 39 9F 44 BD B5 48 4A CE C1 D0 9A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=13&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mayanmaji...KIN/DT/DT.html"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/22 23:56:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 01:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/30 14:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/19 04:27:02 | 000,000,000 | ---D | M]

[2009/03/11 12:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Extensions
[2011/10/30 22:46:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions
[2010/04/28 06:09:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/22 08:22:19 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011/10/30 22:46:37 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/10/29 21:50:10 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/10/23 20:54:41 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\[email protected]
[2010/09/17 10:41:48 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\[email protected](2).beard
[2009/05/16 08:29:50 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\searchplugins\winamp-search.xml
[2011/10/30 14:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 06:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/25 12:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/06/08 10:29:07 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/06/08 10:29:08 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/10/29 21:38:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Kevin Henry\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F404F644-4694-479F-AC41-3FBF53B21CAF}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 15:43:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/29 11:05:06 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 02:38:46 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Kevin Henry\Desktop\VEW.exe
[2011/10/30 22:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\QuickScan
[2011/10/30 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/29 21:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/28 14:43:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/27 23:02:39 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kevin Henry\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/10/27 02:26:25 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kevin Henry\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/10/26 16:46:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.sys
[2011/10/26 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\My Documents\PcSetup
[2011/10/26 12:19:08 | 019,151,634 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Kevin Henry\Desktop\tor-browser-2.2.33-3_en-US.exe
[2011/10/26 04:43:36 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kevin Henry\Desktop\tdsskiller.exe
[2011/10/26 04:43:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kevin Henry\Desktop\aswMBR.exe
[2011/10/25 07:22:05 | 000,000,000 | ---D | C] -- C:\Click to DVD 2
[2011/10/25 07:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Vso
[2011/10/25 07:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\AVS4YOU
[2011/10/25 06:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/10/25 06:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/10/25 06:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011/10/25 06:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/10/25 06:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/10/25 06:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\NCH Software
[2011/10/25 01:15:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
[2011/10/25 00:47:51 | 004,278,104 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\ComboFix.exe
[2011/10/25 00:32:38 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\dds.scr
[2011/10/23 20:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\My Documents\Downloads
[2011/10/23 06:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logitech
[2011/10/23 06:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/10/23 06:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/10/23 06:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2011/10/23 06:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShared
[2011/10/23 06:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2011/10/23 03:02:12 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2011/10/23 02:41:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/23 02:28:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/19 04:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2011/10/19 04:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/19 04:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/10/12 14:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Leadertech
[2011/10/12 14:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
[2011/10/12 14:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd(2)
[2011/10/12 14:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logitech(2)
[2011/10/12 14:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logishrd
[2011/10/12 06:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Desktop\fighter
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/31 16:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/31 16:00:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/31 15:46:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 15:45:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/31 02:38:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Kevin Henry\Desktop\VEW.exe
[2011/10/30 23:00:06 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/10/30 14:46:59 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/30 14:46:59 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/29 21:38:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/29 21:24:05 | 004,278,104 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\ComboFix.exe
[2011/10/28 14:43:19 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/10/28 14:19:10 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/28 08:18:16 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/27 23:02:41 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kevin Henry\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/10/27 17:11:53 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/27 17:11:53 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/27 02:26:33 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kevin Henry\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/10/26 20:37:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\MBR.dat
[2011/10/26 16:46:06 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.sys
[2011/10/26 16:46:06 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.cat
[2011/10/26 16:46:06 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.inf
[2011/10/26 12:20:16 | 019,151,634 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Kevin Henry\Desktop\tor-browser-2.2.33-3_en-US.exe
[2011/10/26 04:44:07 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kevin Henry\Desktop\tdsskiller.exe
[2011/10/26 04:43:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kevin Henry\Desktop\aswMBR.exe
[2011/10/25 01:15:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
[2011/10/25 00:32:44 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\dds.scr
[2011/10/24 12:11:13 | 000,007,435 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\294097_245499938835336_100001259968097_741869_1822615267_n.jpg
[2011/10/23 01:57:58 | 000,026,056 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\Untitled 1.odt
[2011/10/23 01:49:09 | 000,287,582 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\census.cache
[2011/10/23 01:48:43 | 000,235,003 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\ars.cache
[2011/10/19 05:12:33 | 000,011,881 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\My Documents\Post Office Screw Up 10-19-11.odt
[2011/10/15 00:07:00 | 061,561,684 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\My Documents\TSR 2148 The Complete Barbarian's Handbook.tif
[2011/10/13 10:21:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/26 20:37:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\MBR.dat
[2011/10/26 16:46:06 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.cat
[2011/10/26 16:46:06 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.inf
[2011/10/24 12:11:08 | 000,007,435 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\294097_245499938835336_100001259968097_741869_1822615267_n.jpg
[2011/10/23 01:57:56 | 000,026,056 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\Untitled 1.odt
[2011/10/23 01:49:09 | 000,287,582 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\census.cache
[2011/10/23 01:48:43 | 000,235,003 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\ars.cache
[2011/10/19 05:12:33 | 000,011,881 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\My Documents\Post Office Screw Up 10-19-11.odt
[2011/10/15 00:07:00 | 061,561,684 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\My Documents\TSR 2148 The Complete Barbarian's Handbook.tif
[2011/03/18 18:41:36 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\Profile1.dat
[2010/11/10 19:31:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 01:22:04 | 000,024,640 | ---- | C] () -- C:\Program Files\Common Files\security
[2010/09/01 13:32:21 | 000,049,104 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/02 20:28:35 | 000,004,040 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\Profile0.dat
[2010/02/03 19:27:49 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/03 07:02:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\prvlcl.dat
[2009/11/05 23:32:10 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\setup_ldm.iss
[2009/10/26 06:29:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2009/10/26 06:29:21 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe
[2009/10/12 16:02:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\housecall.guid.cache
[2009/10/07 09:54:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/03/11 12:34:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/03 11:00:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/03/01 03:15:03 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/27 15:42:51 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\fusioncache.dat
[2009/02/27 15:32:44 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/02/27 14:41:07 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2009/02/27 14:37:32 | 000,000,178 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2009/02/27 14:36:43 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/27 14:36:43 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/27 14:36:43 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/27 14:36:43 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/27 14:36:43 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/27 14:36:43 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/27 14:35:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/27 14:29:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/07/19 12:50:12 | 000,104,520 | ---- | C] () -- C:\WINDOWS\System32\OSD.dll
[2007/04/01 10:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 09:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/12/01 18:51:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/12/01 18:35:28 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2004/12/01 17:43:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/01 17:16:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/12/01 17:16:58 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/12/01 17:16:58 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2004/12/01 16:49:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/12/01 15:51:57 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/12/01 15:45:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/01 15:40:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/01 14:29:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/12/01 14:28:46 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/01 14:28:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/01 14:28:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/12/01 14:28:13 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/01 14:28:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/12/01 14:28:13 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/01 14:28:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/12/01 14:28:13 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/01 14:28:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/01 14:28:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/12/01 14:28:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/12/01 14:28:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/12/01 14:28:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/12/01 07:35:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/01 07:34:29 | 000,236,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/23 09:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/06 12:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 14:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 18:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 18:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe
[2002/01/09 20:47:38 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2002/01/09 20:47:34 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2002/01/09 20:47:34 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2002/01/09 20:47:19 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2002/01/09 20:04:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/01/01 20:39:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2002/01/01 20:39:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2002/01/01 20:39:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2002/01/01 20:39:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2002/01/01 20:39:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/24 20:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2002/01/01 19:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/02/27 15:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/04/22 05:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/03/27 00:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/01/27 10:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2010/12/22 06:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/02/27 15:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/02/28 14:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/03 11:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/02/28 04:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2002/01/01 19:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/09/09 01:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Resolume Avenue 3
[2009/04/17 14:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2009/04/17 14:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/09/05 07:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/27 00:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/17 15:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
[2010/05/24 13:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/21 19:12:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}
[2010/12/21 19:12:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{57B10C8A-9A38-45B2-B696-92DA7712A65C}
[2009/12/23 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/21 19:10:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2010/12/21 19:11:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
[2010/10/29 19:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\AVG9
[2002/01/01 19:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Azureus
[2010/09/20 15:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Blender Foundation
[2011/01/27 09:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\CheckPoint
[2011/10/31 16:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Dropbox
[2009/02/28 15:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\GetRightToGo
[2009/03/30 08:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\HouseCall 6.6
[2009/04/08 01:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\InterVideo
[2011/10/12 14:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Leadertech
[2009/11/15 06:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\LimeWire
[2010/11/22 16:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Logia
[2009/03/03 11:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\OpenOffice.org
[2011/05/03 14:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Opera
[2011/01/19 06:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\PhotoLine
[2009/02/28 04:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\PlayFirst
[2011/10/30 22:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\QuickScan
[2010/05/24 01:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Registry Mechanic
[2010/09/09 01:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Resolume
[2010/05/31 20:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\SoundSpectrum
[2009/04/20 17:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Steinberg
[2009/05/06 11:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\TrueCrypt
[2009/12/31 17:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Ulead Systems
[2010/04/14 03:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Ultra Fractal 5
[2009/07/21 08:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Uniblue
[2011/10/26 16:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Vso
[2011/10/31 16:00:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

***********************************************

sigveri


ekij5100.gpd c:\windows\system32\spool\drivers\w32x86\3 Modified 11/1/2011


***********************************************


VEW


Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/11/2011 4:32:27 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/11/2011 3:52:24 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WinFLdrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The VAIO Entertainment Database Service service depends on the VAIO Entertainment UPnP Client Adapter service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the VAIO Entertainment UPnP Client Adapter service to connect.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Trend Micro RUBotted Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Trend Micro RUBotted Service service to connect.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7024 Source: Service Control Manager
The Java Quick Starter service terminated with service-specific error 1 (0x1).

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Logitech Beep Suppression Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate1c99c256096fa40) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 02/11/2011 3:52:21 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c99c256096fa40) service to connect.

Log: 'System' Date/Time: 02/11/2011 3:37:40 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


*****************************************************


Proexp


Process PID CPU Private Bytes Working Set Description Company Name Window Status Verified Signer CPU History Network Receives Network Sends Network Delta Sends
ACService.exe 744 812 K 2,484 K ArcSoft Connect Service ArcSoft Inc.
alg.exe 3664 1,228 K 3,744 K Application Layer Gateway Service Microsoft Corporation
AppleMobileDeviceService.exe 112 4,824 K 7,336 K MobileDeviceService Apple Inc.
btwdins.exe 1296 2,140 K 3,540 K Bluetooth Support Server Broadcom Corporation.
csrss.exe 752 1,688 K 4,064 K Client Server Runtime Process Microsoft Corporation
ctfmon.exe 1200 1,072 K 3,924 K CTF Loader Microsoft Corporation
dllhost.exe 1752 2,316 K 6,432 K COM Surrogate Microsoft Corporation
Dropbox.exe 1440 40,824 K 42,700 K Dropbox Dropbox, Inc. 4 10
ehmsas.exe 3144 732 K 2,916 K Media Center Media Status Aggregator Service Microsoft Corporation
ehRecvr.exe 1188 4,648 K 9,716 K Media Center Receiver Service Microsoft Corporation
ehSched.exe 1224 1,616 K 5,128 K Media Center Scheduler Service Microsoft Corporation
ehtray.exe 136 2,416 K 1,324 K Media Center Tray Applet Microsoft Corporation
EKIJ5000MUI.exe 164 1,412 K 4,272 K Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company
explorer.exe 1828 19,824 K 25,892 K Windows Explorer Microsoft Corporation Running
firefox.exe 3392 126,344 K 135,528 K Firefox Mozilla Corporation Running
iPodService.exe 3916 2,488 K 4,204 K iPodService Module (32-bit) Apple Inc.
iTunesHelper.exe 960 9,488 K 14,680 K iTunesHelper Apple Inc.
lsass.exe 836 3,848 K 1,004 K LSA Shell (Export Version) Microsoft Corporation
mbamgui.exe 840 3,132 K 5,860 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamservice.exe 1676 94,364 K 94,108 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mDNSResponder.exe 1044 1,232 K 3,836 K Bonjour Service Apple Inc.
MsMpEng.exe 1236 99,276 K 62,088 K Antimalware Service Executable Microsoft Corporation
msseces.exe 516 6,284 K 11,000 K Microsoft Security Client User Interface Microsoft Corporation
nvsvc32.exe 1056 4,752 K 6,496 K NVIDIA Driver Helper Service, Version 266.58 NVIDIA Corporation
plugin-container.exe 2400 15,584 K 20,092 K Plugin Container for Firefox Mozilla Corporation
RazerTray.exe 664 4,900 K 7,052 K Razer Mamba Configuration Utility Razer USA Ltd
RM_SV.exe 2524 1,212 K 4,008 K RM_SV Module Sony Corporation
rundll32.exe 532 4,452 K 5,884 K Run a DLL as an App Microsoft Corporation
services.exe 824 1,868 K 3,648 K Services and Controller app Microsoft Corporation
SMceMan.exe 260 1,812 K 4,740 K SMceMan Module Sony Corporation
smss.exe 696 172 K 440 K Windows NT Session Manager Microsoft Corporation
SonicStageMonitoring.exe 244 716 K 2,480 K SonicStageMonitoring Module Sony Corporation
SOUNDMAN.EXE 508 1,924 K 3,092 K Realtek Sound Manager Realtek Semiconductor Corp.
spoolsv.exe 1724 6,592 K 8,332 K Spooler SubSystem App Microsoft Corporation
StartManSvc.exe 1964 1,128 K 3,956 K StartMan Application PC Tools
svchost.exe 1092 3,248 K 5,612 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1144 2,016 K 4,924 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1272 24,740 K 36,540 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1580 1,528 K 4,020 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 648 1,376 K 3,936 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 444 2,736 K 4,908 K Generic Host Process for Win32 Services Microsoft Corporation
System 4 0 K 244 K
ULCDRSvr.exe 476 244 K 996 K ULCDRSvr Ulead Systems, Inc.
winlogon.exe 780 6,616 K 6,152 K Windows NT Logon Application Microsoft Corporation
wmiprvse.exe 2340 2,472 K 5,060 K WMI Microsoft Corporation
wuauclt.exe 284 2,292 K 4,420 K Windows Update Microsoft Corporation
procexp.exe 2412 0.78 10,408 K 15,344 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com Running
svchost.exe 1464 0.78 1,428 K 3,780 K Generic Host Process for Win32 Services Microsoft Corporation
Interrupts n/a 1.56 0 K 0 K Hardware Interrupts and DPCs
System Idle Process 0 96.88 0 K 28 K


****************************************************


Hope I got it right. (fingers crossed) lol
  • 0



#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
If you haven't already, please uninstall the following:

Adobe Download Manager
Adobe Reader 7.0
Registry Mechanic 9.0
Trend Micro RUBotted 2.0 Beta
Vuze
SUPERAdBlocker
SUPERAntiSpyware



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

Driver::
SASDIFSV
SASKUTIL
gupdate1c99c256096fa40
LBeepKE
RUBotSrv
gupdatem
SASENUM


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.



Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.
Run Vino's Event Viewer as before and post the logs. Hopefully you saw some improvement in boot time after the Combofix run.

Ron
  • 0

#18
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Ok, when I went to uninstall Registry Mechanic I got this error:

Error Messages file "C:\Program Files\Registry Mechanic\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program.

And Vuze gave me this:

Error: Couldn't load main class.

And I cannot find SUPERAdBlocker & SUPERAntiSpyware on my "Add or Remove" list.

Should I continue on with the next steps, or is there a way I can fix these?

Edited by Arboreal, 02 November 2011 - 02:26 PM.

  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Just go on.

Ron
  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
It should not take 19 hours to do what it was supposed to do. Go ahead and stop it and reboot. Try it again without the script.

Ron
  • 0

#21
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Ok rebooted, re-ran ComboFix. Here is the report.


ComboFix 11-11-03.03 - Kevin Henry 11/03/2011 14:53:11.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2287 [GMT -4:00]
Running from: c:\documents and settings\Kevin Henry\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-03 18:42 . 2011-11-03 18:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47A7FB5C-C264-4C65-8180-3976BA5B51D8}\MpKsl4a82ad23.sys
2011-11-03 18:42 . 2011-11-03 18:42 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47A7FB5C-C264-4C65-8180-3976BA5B51D8}\offreg.dll
2011-11-03 18:42 . 2011-10-07 00:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47A7FB5C-C264-4C65-8180-3976BA5B51D8}\mpengine.dll
2011-10-31 02:47 . 2011-10-31 02:47 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\QuickScan
2011-10-30 20:25 . 2011-10-30 20:25 -------- d-----w- c:\program files\ESET
2011-10-26 20:46 . 2011-10-26 20:46 47360 ----a-w- c:\documents and settings\Kevin Henry\Application Data\pcouffin.sys
2011-10-25 11:22 . 2011-10-28 03:19 -------- d-----w- C:\Click to DVD 2
2011-10-25 11:14 . 2011-10-26 20:46 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Vso
2011-10-25 11:02 . 2011-10-25 11:02 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\AVS4YOU
2011-10-25 10:59 . 2011-10-26 20:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-10-25 10:58 . 2011-10-26 20:45 -------- d-----w- c:\program files\AVS4YOU
2011-10-25 10:58 . 2011-10-25 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2011-10-25 10:58 . 2010-09-14 22:38 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-10-25 10:36 . 2011-10-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-10-25 10:35 . 2011-10-26 21:06 -------- d-----w- c:\program files\NCH Software
2011-10-25 10:35 . 2011-10-26 21:06 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\NCH Software
2011-10-23 10:27 . 2011-10-24 00:12 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Logitech
2011-10-23 10:27 . 2011-10-23 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2011-10-23 10:27 . 2011-10-24 00:12 -------- d-----w- c:\program files\Common Files\Logishrd
2011-10-23 10:27 . 2011-10-23 10:27 -------- d-----w- c:\program files\Common Files\LogiShared
2011-10-23 10:21 . 2011-10-23 10:21 -------- d-----w- c:\program files\JRE
2011-10-23 06:28 . 2011-10-23 06:28 -------- d-----w- C:\_OTL
2011-10-12 18:28 . 2011-10-12 18:28 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Leadertech
2011-10-12 18:25 . 2011-10-24 00:54 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Logishrd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 00:48 . 2011-02-19 21:45 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc(2).dll
2011-09-26 15:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 15:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc(2).dll
2011-09-09 09:12 . 2004-12-01 18:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-12-01 18:28 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-06 13:20 . 2004-12-01 18:28 1858944 ----a-w- c:\windows\system32\win32k(2).sys
2011-09-03 10:17 . 2004-12-01 18:28 599040 ----a-w- c:\windows\system32\crypt32(2).dll
2011-08-31 21:00 . 2011-03-19 21:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 21:48 . 2007-08-13 23:54 11081728 ----a-w- c:\windows\system32\ieframe(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-12-01 18:28 916480 ----a-w- c:\windows\system32\wininet(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 1212416 ----a-w- c:\windows\system32\urlmon(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 105984 ----a-w- c:\windows\system32\url(2).dll
2011-08-22 23:48 . 2007-08-13 23:34 2000384 ----a-w- c:\windows\system32\iertutil(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-12-01 18:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-12-01 18:28 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-12-01 18:27 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-29 06:53 . 2011-05-08 17:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Kevin Henry\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-5 813584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 15:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Kevin Henry\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 MpKsl4a82ad23;MpKsl4a82ad23;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47A7FB5C-C264-4C65-8180-3976BA5B51D8}\MpKsl4a82ad23.sys [11/3/2011 2:42 PM 28752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/19/2011 5:36 PM 366152]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/24/2010 1:39 AM 632792]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2/27/2009 4:13 PM 114024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/19/2011 5:36 PM 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/9/2002 7:59 PM 100456]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate1c99c256096fa40;Google Update Service (gupdate1c99c256096fa40);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys --> c:\windows\system32\Drivers\LBeepKE.sys [?]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys --> c:\windows\system32\WinFLdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\drivers\mausbmp.sys [8/12/2009 7:59 PM 154248]
S3 SASENUM;SASENUM;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [4/17/2009 2:35 PM 23288]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL4A82AD23
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 17:27]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 17:27]
.
2011-11-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.mayanmajix.com/TZOLKIN/DT/DT.html
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6da8d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 15:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2156851215-281014071-3479504740-1005\Software\SecuROM\License information*]
"datasecu"=hex:c8,10,ad,78,94,68,98,bd,31,f5,c7,ea,68,73,4a,31,8b,ba,9b,96,ee,
d4,9e,af,44,31,37,e1,2e,d8,9e,7e,47,b4,d4,be,3a,37,09,db,bb,5d,07,03,ec,2f,\
"rkeysecu"=hex:ac,99,07,cc,43,b8,3d,b2,37,2f,23,5d,5c,8e,d9,ff
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com.../premiere.html"
"Search"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2844)
c:\windows\system32\WININET.dll
c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-11-03 15:07:59
ComboFix-quarantined-files.txt 2011-11-03 19:07
ComboFix2.txt 2011-10-30 01:44
ComboFix3.txt 2011-10-28 18:55
.
Pre-Run: 17,906,147,328 bytes free
Post-Run: 17,897,857,024 bytes free
.
- - End Of File - - BC155CBC0EF371514B30A80FCC91C693




Shall I move on to the next steps?
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
(Start) Right click on My Computer and select Manage then Device Manager. View, Show Hidden Devices.

In the right pane look for each of these:

SASDIFSV
SASKUTIL
gupdate1c99c256096fa40
LBeepKE
RUBotSrv
gupdatem
SASENUM

Probably under Non-Plug and Play Devices.

If you find one, then right click on it and select Uninstall or Disable. OK.

Once you have found as many as you can then close Device Manager and

(Start) Right click on My Computer and select Manage then Services and Applications then Services. In the right pane see if you can find
Google Update service.
Logitech Beep Suppression Driver

Right click and select Properties then change the Startup Type: to Disabled. Apply.

Also anything that starts with SuperAnti.

Then continue.

Ron
  • 0

#23
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OK, I found SASDIFSV & SASKUTIL, uninstalled and rebooted.

Then found Google Update service x2, disabled them. Still super slow start up after the 2nd reboot. Moving on to the event viewer tasks.
  • 0

#24
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 03/11/2011 4:52:38 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/11/2011 4:49:25 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WinFLdrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/11/2011 4:49:25 PM
Type: error Category: 0
Event: 7024 Source: Service Control Manager
The Java Quick Starter service terminated with service-specific error 1 (0x1).

Log: 'System' Date/Time: 03/11/2011 4:49:25 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Logitech Beep Suppression Driver service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




The startup was quite a bit quicker, still getting the Logitech error though, and I can't access my mouse/keyboard interface still. Did Logitech get infected by the trojan, or did MWB delete its updater or something? I recently updated the Logitech software about a month ago, due to it behaving funny. The Logitech Customer Support page said to uninstall and reinstall a newer version, which I did. Worked fine for weeks, then the infection, then the errors and inability to open its interface, uninstall or run.
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
I think you need to uninstall and reinstall the Logitech software again. That will help with the problem.

Another thing we are seeing is: WinFLdrv

Copy the next line:

sc config WinFLdrv start= disabled /c

Start, Run, cmd, OK

Now right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

(Did you get an error message or did it take it?)

Finally there is a Java error so

Go to http://java.com/en/ and get the latest Java and install it.

Now clear the events as before and run Vino's (also do it for Applications.)

Ron
  • 0
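The two posts above (finding the driver entries whose files are gone in the ComboFix service list, then disabling one of them with `sc config`) can be worked from the logs themselves. This added Python example, not part of the thread or of either tool, parses the R#/S# service lines ComboFix printed (the `--> path [?]` form marks an image file that is no longer on disk), matches them against the Service Control Manager Event 7000 records in the Vino's Event Viewer output, and emits the `sc config ... start= disabled` line for each; the sample log text is copied from the posts above.

```python
# Added illustration (not ComboFix's or Vino's code): find service/driver entries
# whose image file is gone and match them to SCM Event 7000 records logged at boot.
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of the ComboFix service lines posted above.
COMBOFIX_SERVICES = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/19/2011 5:36 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/19/2011 5:36 PM 22216]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys --> c:\windows\system32\Drivers\LBeepKE.sys [?]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys --> c:\windows\system32\WinFLdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
"""

# Constructed sample: the 'System' error records from the Vino's run posted above.
VINO_SYSTEM_LOG = """
Log: 'System' Date/Time: 03/11/2011 4:49:25 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WinFLdrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/11/2011 4:49:25 PM
Type: error Category: 0
Event: 7024 Source: Service Control Manager
The Java Quick Starter service terminated with service-specific error 1 (0x1).

Log: 'System' Date/Time: 03/11/2011 4:49:25 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Logitech Beep Suppression Driver service failed to start due to the following error: The system cannot find the file specified.
"""

# ComboFix line: '<R|S><start type> <name>;<display>;<image path ...>'. R = running,
# S = stopped; the digit is the SCM start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+)$")
# Service Control Manager Event 7000 text for an image that is not on disk.
MISSING_FILE_RE = re.compile(r"^The (.+?) service failed to start due to the following error: "
                             r"The system cannot find the file specified\.$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    start_type: int
    image_path: str
    binary_missing: bool  # ComboFix printed 'path --> path [?]'


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    """Parse R#/S# lines; anything else (headers, '.' spacers) is skipped."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        _state, start, name, display, rest = m.groups()
        # Use the resolved path after '-->' (if any); drop the trailing '[timestamp size]' or '[?]'.
        path = re.sub(r"\s*\[[^\]]*\]$", "", rest.split(" --> ")[-1])
        entries.append(ServiceEntry(name, display, int(start), path, rest.endswith("[?]")))
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Still registered with the SCM, but the image file no longer exists."""
    return [e for e in entries if e.binary_missing]


def failed_starts_from_vino(text: str) -> List[str]:
    """Display names from Event 7000 'cannot find the file specified' records."""
    names: List[str] = []
    event_id = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Event:"):
            event_id = line.split()[1]
        elif event_id == "7000":
            m = MISSING_FILE_RE.match(line)
            if m:
                names.append(m.group(1))
                event_id = None
    return names


def correlate(entries: List[ServiceEntry], failed_displays: List[str]) -> Dict[str, bool]:
    """Orphaned entry name -> did the SCM log a failed start for it at boot?
    False means the entry is demand-start/disabled (never attempted) or, as with
    the SAS drivers here, was already removed before the event log was collected."""
    seen = set(failed_displays)
    return {e.name: e.display in seen for e in orphaned_services(entries)}


def remediation_commands(entries: List[ServiceEntry]) -> List[str]:
    """One 'sc config' line per orphaned entry, the same form the thread uses."""
    return [f"sc config {e.name} start= disabled" for e in orphaned_services(entries)]


if __name__ == "__main__":
    svc = parse_combofix_services(COMBOFIX_SERVICES)
    hits = correlate(svc, failed_starts_from_vino(VINO_SYSTEM_LOG))
    for e in orphaned_services(svc):
        print(f"{e.name:<10} start={e.start_type} boot_error={hits[e.name]} {e.image_path}")
    print("\n".join(remediation_commands(svc)))
```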



#26
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
sc config WinFLdrv start= disabled /c did not cause an error, it seems to have taken.

When I went to install the newest Java it wouldn't install, I got 3 errors as follows:


Warning - Java™ Update

bin\awt.dll; Old file not found. However, a file of the same name was found. No update done since file contents do not match.


Error -
Java™ Update fails to apply changes to your system.


Error-
Error 1722. There is a problem with the Windows Installer package. A program run as part of the setup did not finish as expected.


****************************

Also, when I go to the "add or remove" list and select to remove Logitech I get a weird warning window with the Logitech symbol at the top left and a "!" in a yellow triangle in the center. What does this mean?
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Delete the folder

C:\Program Files\Java

Go to http://www.java.com/...load/manual.jsp
Right-click on "Windows 7/XP/Vista/2000/2003/2008 Offline" and SAVE the download to your desktop, do not RUN it.
Close all open applications (i.e., anything with an icon on taskbar) then double-click on the saved file (jre-6u29-windows-i586-s.exe) to install the update. Be patient: It may take five (5) minutes or more for the installation to complete.
UNCHECK any optional "foistware" (e.g., McAfee Security Scan Plus [which is not an anti-virus application]; Google, Bing, etc. toolbars) that you don't want to install.
Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Did it install this time?

Not sure what is wrong with Logitech. Perhaps you can download the program and it will install over the old one?

Ron
  • 0

#28
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hello Again,

Ok, followed your instructions and it still wouldn't install. Kept getting these errors:

Java 6 update 29

The feature you are trying to use is on a network resource that is unavailable.


Error 1714. The older version of Java 6 Update 29 cannot be removed.


So I tried to install the other Java installer you had me download from the other day "jxpinstall" and it installed just fine, then tried the newer update one and it said "This software is already installed...". So is it good to go now?


Tried completely removing Logitech folder then downloaded the newest software again, and it was able to install, but every time I reboot it uninstalls, and is no longer present. Weird.
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Can you run OTL, Quickscan and post the log?

Also clear the events again, reboot and run Vino's as before.

Is it still slow booting?
  • 0

#30
Arboreal

Arboreal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
After OTL and before VEW it rebooted like a charm. I'll check it again later, but for now sleep calls.


OTL


OTL logfile created on: 11/7/2011 4:23:43 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin Henry\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 76.98% Memory free
5.59 Gb Paging File | 5.07 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 15.23 Gb Free Space | 8.49% Space Free | Partition Type: NTFS
Drive J: | 465.64 Gb Total Space | 4.08 Gb Free Space | 0.88% Space Free | Partition Type: FAT32

Computer Name: ITZAMNA | User Name: Kevin Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 00:15:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
PRC - [2011/10/07 04:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 14:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/08 08:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/06/09 09:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/25 09:35:32 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 09:35:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 09:35:30 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/10/21 17:20:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/04/15 14:45:22 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2003/08/13 15:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 15:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/07 04:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 07:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/10/28 13:11:16 | 000,516,096 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter.ax
MOD - [2004/09/28 04:54:48 | 000,330,240 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2004/09/28 04:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/09/28 04:54:48 | 000,149,504 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2004/08/10 07:00:00 | 000,154,112 | ---- | M] () -- C:\WINDOWS\system32\vbicodec.ax
MOD - [2003/05/30 16:47:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/04/08 08:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/09 09:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/11/02 15:42:42 | 001,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 09:35:34 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 09:35:32 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 09:35:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 09:35:30 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/06/22 11:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 11:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 03:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 03:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 03:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/04/15 14:45:22 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2003/10/30 12:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/13 15:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 15:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 15:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)


========== Driver Services (SafeList) ==========

DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/11 18:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/10/26 05:29:23 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/02/09 08:39:40 | 000,154,248 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mausbmp.sys -- (MAUSBMP) Service for M-Audio Mobile Pre (WDM)
DRV - [2009/01/18 16:24:40 | 000,114,024 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/10/24 09:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2007/08/30 02:00:04 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/08/30 01:59:56 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/08/30 01:59:54 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/08/30 01:59:44 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/08/30 01:59:40 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/08/30 01:59:26 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/27 20:24:52 | 002,297,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/05 23:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/13 17:48:32 | 001,266,380 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 18:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E ED 2D C6 41 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 77 04 24 6A 6E 39 9F 44 BD B5 48 4A CE C1 D0 9A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=13&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mayanmaji...KIN/DT/DT.html"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/22 22:56:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/07 04:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/02 15:16:55 | 000,000,000 | ---D | M]

[2009/03/11 11:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Extensions
[2011/11/02 15:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions
[2010/04/28 05:09:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/22 07:22:19 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011/10/30 21:46:37 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/10/23 19:54:41 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\[email protected]
[2010/09/17 09:41:48 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\[email protected](2).beard
[2009/05/16 07:29:50 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\searchplugins\winamp-search.xml
[2011/11/07 04:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 05:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/06/08 09:29:07 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/06/08 09:29:08 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/10/29 20:38:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Kevin Henry\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F404F644-4694-479F-AC41-3FBF53B21CAF}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 14:43:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/29 11:05:06 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 23:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/06 23:13:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/03 21:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Logishrd
[2011/11/02 03:30:31 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kevin Henry\Desktop\procexp.exe
[2011/10/31 01:38:46 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Kevin Henry\Desktop\VEW.exe
[2011/10/30 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\QuickScan
[2011/10/30 15:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/29 20:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/28 13:43:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/27 22:02:39 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kevin Henry\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/10/27 01:26:25 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kevin Henry\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/10/26 15:46:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.sys
[2011/10/26 15:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\My Documents\PcSetup
[2011/10/26 11:19:08 | 019,151,634 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Kevin Henry\Desktop\tor-browser-2.2.33-3_en-US.exe
[2011/10/26 03:43:36 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kevin Henry\Desktop\tdsskiller.exe
[2011/10/26 03:43:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kevin Henry\Desktop\aswMBR.exe
[2011/10/25 06:22:05 | 000,000,000 | ---D | C] -- C:\Click to DVD 2
[2011/10/25 06:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Vso
[2011/10/25 06:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\AVS4YOU
[2011/10/25 05:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/10/25 05:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/10/25 05:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011/10/25 05:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/10/25 05:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/10/25 05:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\NCH Software
[2011/10/25 00:15:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
[2011/10/24 23:47:51 | 004,282,492 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\ComboFix.exe
[2011/10/24 23:32:38 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\dds.scr
[2011/10/23 19:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\My Documents\Downloads
[2011/10/23 05:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logitech
[2011/10/23 05:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/10/23 05:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/10/23 05:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2011/10/23 05:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShared
[2011/10/23 05:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2011/10/23 02:02:12 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2011/10/23 01:41:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/23 01:28:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/19 03:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2011/10/19 03:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/19 03:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/10/12 13:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Leadertech
[2011/10/12 13:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
[2011/10/12 13:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd(2)
[2011/10/12 13:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logitech(2)
[2011/10/12 13:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logishrd
[2011/10/12 05:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Desktop\fighter
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 04:23:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/07 04:23:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/07 04:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 23:24:11 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/11/06 17:20:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/06 17:16:21 | 000,471,628 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 17:16:21 | 000,083,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 16:54:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/06 16:53:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 13:51:27 | 004,282,492 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\ComboFix.exe
[2011/11/02 17:04:30 | 000,098,662 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\My Documents\Chicken in a Tree.m3u
[2011/11/02 03:30:46 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kevin Henry\Desktop\procexp.exe
[2011/10/31 23:41:58 | 000,256,618 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\Age_Verification_Sheet_For_Web.pdf
[2011/10/31 01:38:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Kevin Henry\Desktop\VEW.exe
[2011/10/29 20:38:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/28 13:43:19 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/10/28 13:19:10 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/28 07:18:16 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/27 22:02:41 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kevin Henry\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/10/27 01:26:33 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kevin Henry\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/10/26 19:37:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\MBR.dat
[2011/10/26 15:46:06 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.sys
[2011/10/26 15:46:06 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.cat
[2011/10/26 15:46:06 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.inf
[2011/10/26 11:20:16 | 019,151,634 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Kevin Henry\Desktop\tor-browser-2.2.33-3_en-US.exe
[2011/10/26 03:44:07 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kevin Henry\Desktop\tdsskiller.exe
[2011/10/26 03:43:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kevin Henry\Desktop\aswMBR.exe
[2011/10/25 00:15:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
[2011/10/24 23:32:44 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\dds.scr
[2011/10/24 11:11:13 | 000,007,435 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\294097_245499938835336_100001259968097_741869_1822615267_n.jpg
[2011/10/23 00:57:58 | 000,026,056 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\Untitled 1.odt
[2011/10/23 00:49:09 | 000,287,582 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\census.cache
[2011/10/23 00:48:43 | 000,235,003 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\ars.cache
[2011/10/19 04:12:33 | 000,011,881 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\My Documents\Post Office Screw Up 10-19-11.odt
[2011/10/14 23:07:00 | 061,561,684 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\My Documents\TSR 2148 The Complete Barbarian's Handbook.tif
[2011/10/13 09:21:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/02 17:04:30 | 000,098,662 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\My Documents\Chicken in a Tree.m3u
[2011/10/31 23:41:58 | 000,256,618 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\Age_Verification_Sheet_For_Web.pdf
[2011/10/26 19:37:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\MBR.dat
[2011/10/26 15:46:06 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.cat
[2011/10/26 15:46:06 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\pcouffin.inf
[2011/10/24 11:11:08 | 000,007,435 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\294097_245499938835336_100001259968097_741869_1822615267_n.jpg
[2011/10/23 00:57:56 | 000,026,056 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\Untitled 1.odt
[2011/10/23 00:49:09 | 000,287,582 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\census.cache
[2011/10/23 00:48:43 | 000,235,003 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\ars.cache
[2011/10/19 04:12:33 | 000,011,881 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\My Documents\Post Office Screw Up 10-19-11.odt
[2011/10/14 23:07:00 | 061,561,684 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\My Documents\TSR 2148 The Complete Barbarian's Handbook.tif
[2011/03/18 17:41:36 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\Profile1.dat
[2010/11/10 18:31:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 00:22:04 | 000,024,640 | ---- | C] () -- C:\Program Files\Common Files\security
[2010/09/01 12:32:21 | 000,049,104 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/02 19:28:35 | 000,004,040 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\Profile0.dat
[2010/02/03 18:27:49 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/03 06:02:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\prvlcl.dat
[2009/11/05 22:32:10 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\setup_ldm.iss
[2009/10/26 05:29:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2009/10/26 05:29:21 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe
[2009/10/12 15:02:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\housecall.guid.cache
[2009/10/07 08:54:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/31 13:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/03/11 11:34:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/03 10:00:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/03/01 02:15:03 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/27 14:42:51 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\fusioncache.dat
[2009/02/27 14:32:44 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/02/27 13:41:07 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2009/02/27 13:37:32 | 000,000,178 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2009/02/27 13:36:43 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/27 13:36:43 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/27 13:36:43 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/27 13:36:43 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/27 13:36:43 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/27 13:36:43 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/27 13:35:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/27 13:29:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/07/19 11:50:12 | 000,104,520 | ---- | C] () -- C:\WINDOWS\System32\OSD.dll
[2007/04/01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/12/01 17:51:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/12/01 17:35:28 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2004/12/01 16:43:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/01 16:16:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/12/01 16:16:58 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/12/01 16:16:58 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2004/12/01 15:49:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/12/01 14:51:57 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/12/01 14:45:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/01 14:40:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/01 13:29:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/12/01 13:28:46 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/01 13:28:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/01 13:28:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/12/01 13:28:13 | 000,471,628 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/01 13:28:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/12/01 13:28:13 | 000,083,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/01 13:28:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/12/01 13:28:13 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/01 13:28:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/01 13:28:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/12/01 13:28:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/12/01 13:28:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/12/01 13:28:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/12/01 06:35:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/01 06:34:29 | 000,236,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/23 08:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/06 11:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 13:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 17:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 17:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe
[2002/01/09 19:47:38 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2002/01/09 19:47:34 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2002/01/09 19:47:34 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2002/01/09 19:47:19 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2002/01/09 19:04:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/01/01 19:39:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2002/01/01 19:39:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2002/01/01 19:39:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2002/01/01 19:39:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2002/01/01 19:39:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/24 19:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2002/01/01 18:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/02/27 14:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/04/22 04:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/03/26 23:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/01/27 09:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2010/12/22 05:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/02/27 14:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/02/28 13:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/03 10:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/02/28 03:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2002/01/01 18:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/09/09 00:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Resolume Avenue 3
[2009/04/17 13:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2009/04/17 13:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/09/05 06:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/26 23:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/17 14:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
[2010/05/24 12:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/21 18:12:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}
[2010/12/21 18:12:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{57B10C8A-9A38-45B2-B696-92DA7712A65C}
[2009/12/23 17:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/21 18:10:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2010/12/21 18:11:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E6F7E8AE-5D26-4508-A961-B0231A24CCAE}
[2010/10/29 18:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\AVG9
[2002/01/01 18:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Azureus
[2010/09/20 14:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Blender Foundation
[2011/01/27 08:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\CheckPoint
[2011/11/06 17:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Dropbox
[2009/02/28 14:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\GetRightToGo
[2009/03/30 07:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\HouseCall 6.6
[2009/04/08 00:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\InterVideo
[2011/10/12 13:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Leadertech
[2009/11/15 05:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\LimeWire
[2010/11/22 15:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Logia
[2009/03/03 10:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\OpenOffice.org
[2011/05/03 13:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Opera
[2011/01/19 05:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\PhotoLine
[2009/02/28 03:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\PlayFirst
[2011/10/30 21:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\QuickScan
[2010/05/24 00:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Registry Mechanic
[2010/09/09 00:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Resolume
[2010/05/31 19:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\SoundSpectrum
[2009/04/20 16:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Steinberg
[2009/05/06 10:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\TrueCrypt
[2009/12/31 16:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Ulead Systems
[2010/04/14 02:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Ultra Fractal 5
[2009/07/21 07:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Uniblue
[2011/10/26 15:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin Henry\Application Data\Vso
[2011/11/06 17:20:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >




Vino's


Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/11/2011 4:55:15 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2011 4:51:34 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WinFLdrv service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
