Malware-bytes hanging computer [Solved]


  • This topic is locked

#1
Snypa86

  • Member
  • 58 posts
So it's been a while since I did a clean on my computer. I have Spy-bot, Malwarebytes (MBam) and avast as my protection, and I usually run all three whenever I think I am overdue. Upon using Mbam, it froze while scanning and nothing would work. I was able to do alt-ctrl-del, but the task manager would never show up. The cursor still moves, but anything that is clicked never opens. Start button worked, but nothing opens. This goes on until the computer just comes to a standstill and the only thing left to do is press the power button and reboot. I did get success running Mbam in safe mode and it found something called sttray64.exe, which I removed. But once I was back to normal mode, Mbam still froze, and I took a pic of where it froze at the last time, which was yesterday. Can anyone help me to understand what is going on?

Thank You

Attached Thumbnails

  • IMG-20111030-00085.jpg

  • 0


#2
Snypa86

  • Topic Starter
  • Member
  • 58 posts
Anyone willing to assist me?
  • 0

#3
Snypa86

  • Topic Starter
  • Member
  • 58 posts
Still having same issues. Can anyone help me with this problem?
  • 0

#4
michaelg9

  • Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello
Sorry for the late reply

"Mbam in safe mode and it found something called sttray64.exe which I removed."

That's a false positive so restore it. It's part of the IDT PC Audio driver package.


OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.



Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here :)
  • 0

#5
Snypa86

  • Topic Starter
  • Member
  • 58 posts
Attached File  MBR.zip   485bytes   119 downloads
Thanks Michael. Not sure what I did to that "false positive" or even how to restore it. Anyways, below are the results from what you had asked me to do.

OTL logfile created on: 11/15/2011 9:38:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Darron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.00% Memory free
8.18 Gb Paging File | 5.21 Gb Available in Paging File | 63.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.09 Gb Total Space | 119.37 Gb Free Space | 41.87% Space Free | Partition Type: NTFS

Computer Name: DARRON-PC | User Name: Darron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 09:22:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
PRC - [2011/10/21 07:31:22 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Darron\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Darron\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/02 09:48:08 | 000,216,064 | ---- | M] (DDHelper) -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
PRC - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/10/12 12:31:59 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2009/05/18 11:15:40 | 000,156,672 | ---- | M] () -- C:\Program Files (x86)\myibay\myibay.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 03:10:46 | 000,420,920 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 03:10:45 | 003,702,840 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 03:09:24 | 000,518,712 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\libglesv2.dll
MOD - [2011/10/26 03:09:23 | 000,112,696 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\libegl.dll
MOD - [2011/10/26 03:09:09 | 000,122,952 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 03:09:07 | 000,222,280 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 03:09:06 | 001,745,992 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/26 00:14:43 | 008,587,936 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/05/27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009/05/18 11:15:40 | 000,156,672 | ---- | M] () -- C:\Program Files (x86)\myibay\myibay.exe
MOD - [2009/05/18 11:14:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\pywintypes25.dll
MOD - [2009/05/18 11:10:10 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\myibay2.pyd
MOD - [2009/05/14 19:34:40 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wx._grid.pyd
MOD - [2009/05/14 19:34:24 | 000,663,552 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wx._misc_.pyd
MOD - [2009/05/14 19:33:08 | 000,942,080 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wx._controls_.pyd
MOD - [2009/05/14 19:32:28 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wx._windows_.pyd
MOD - [2009/05/14 19:32:12 | 000,741,376 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wx._gdi_.pyd
MOD - [2009/05/14 19:30:46 | 000,978,944 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wx._core_.pyd
MOD - [2009/05/14 19:18:06 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wxmsw28uh_html_vc.dll
MOD - [2009/05/14 19:17:42 | 000,729,088 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wxmsw28uh_adv_vc.dll
MOD - [2009/05/14 19:17:28 | 003,194,880 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wxmsw28uh_core_vc.dll
MOD - [2009/05/14 19:16:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wxbase28uh_net_vc.dll
MOD - [2009/05/14 19:16:02 | 001,331,200 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\wxbase28uh_vc.dll
MOD - [2009/05/13 10:45:52 | 000,957,952 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\pycurl.pyd
MOD - [2009/05/11 13:37:36 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\myibay1.pyd
MOD - [2009/03/09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll
MOD - [2009/02/16 14:45:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\win32gui.pyd
MOD - [2009/02/16 14:45:28 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\win32api.pyd
MOD - [2009/02/16 14:43:12 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\win32pipe.pyd
MOD - [2009/02/16 14:42:54 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\win32event.pyd
MOD - [2008/12/23 16:11:38 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\_socket.pyd
MOD - [2008/12/23 16:11:34 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\_hashlib.pyd
MOD - [2008/12/23 16:11:32 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\_ssl.pyd
MOD - [2008/12/23 16:11:20 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\pyexpat.pyd
MOD - [2008/12/22 11:49:42 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\myibay\dll\webclient2.pyd


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/04/14 14:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/04/14 14:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2009/06/25 22:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/07/16 13:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/29 08:24:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/08/31 16:34:02 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)
SRV - [2010/04/14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeccoms.exe -- (lxec_device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/11 14:22:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/04 15:26:34 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/04 03:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/06/04 22:13:44 | 000,867,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/10/07 07:11:50 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwLv64.sys -- (NETwLv64) Intel®
DRV:64bit: - [2010/07/20 05:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/07/20 05:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010/07/20 05:38:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/07/20 05:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/30 09:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/25 23:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/04 03:40:46 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/10/15 08:57:50 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/10/15 08:53:44 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/10/15 08:52:24 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/03 19:57:26 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2007/10/30 21:44:38 | 003,197,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/26 20:50:24 | 000,391,680 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/04/23 13:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/23 13:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115obex.sys -- (s115obex)
DRV:64bit: - [2007/04/23 13:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007/04/23 13:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007/04/23 13:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV:64bit: - [2006/11/17 01:22:06 | 000,297,272 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/06/14 12:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/07/16 12:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2004/07/14 11:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...=0709&m=m-6888u
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=0709&m=m-6888u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=0709&m=m-6888u
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found
IE - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Darron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Darron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2009/10/15 11:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darron\AppData\Roaming\Mozilla\Extensions
[2009/10/15 11:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darron\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Chrome Refresh = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn\1.7_0\
CHR - Extension: Brushed = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: Air Transporter 3D = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadmcjlkjdnbjcdldpfhakfmfedgadjh\1.0.3_0\
CHR - Extension: TiltShiftMaker = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.2_0\
CHR - Extension: Auto HD for YouTube = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaielpkecabnggniojjhghggjedkecfj\2.5_0\
CHR - Extension: InvisibleHand = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.3.14_0\
CHR - Extension: Jobs Aggregator = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkdpojefipfdjcihiigpabeofdhgfmo\1.1_0\
CHR - Extension: Webpages CSS Styler = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkhlepfbkdbmiogammhjnibakamiehg\1.9.1_0\

O1 HOSTS File: ([2011/08/08 08:59:11 | 000,436,335 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 15020 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll File not found
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.120\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll File not found
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Darron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Darron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: DOWNLOADWITH - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: DOWNLOADWITH - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152FC9C2-BCAE-427D-A325-2A710891001B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA007C9-AB9C-470E-B19A-76AC652BD1CB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43AEFF13-4E04-4A60-9DE8-BF66552EF0B7}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cf - No CLSID value found
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.120\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Darron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Darron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\AutoRun\command - "" = system32/rundll.exe
O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\explore\command - "" = system32/rundll.exe
O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\open\command - "" = system32/rundll.exe
O33 - MountPoints2\{0dbb1dbb-3c43-11e0-891d-000325249fb5}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{0dbb1dbb-3c43-11e0-891d-000325249fb5}\Shell\slacker\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{4b662107-374f-11df-b314-000325249fb5}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{644024eb-1cda-11e0-b2bf-000325249fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{644024eb-1cda-11e0-b2bf-000325249fb5}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{6e48f5db-eb71-11de-8dee-000325249fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{6e48f5db-eb71-11de-8dee-000325249fb5}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{9859a7ad-ffe4-11de-8779-000325249fb5}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{ceb010ce-75b3-11df-af2a-000325249fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb010ce-75b3-11df-af2a-000325249fb5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ceb012cb-75b3-11df-af2a-000325249fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb012cb-75b3-11df-af2a-000325249fb5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e4de14e3-2121-11df-95fa-000325249fb5}\Shell\AutoRun\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{e4de14e3-2121-11df-95fa-000325249fb5}\Shell\Install\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{fc1fbd0d-9cc6-11df-9164-000325249fb5}\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpFolder: C:^Users^Darron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IDrive Tray.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Darron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AVG9_TRAY - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
MsConfig:64bit - StartUpReg: Camera Assistant Software - hkey= - key= - C:\Program Files (x86)\Camera Assistant Software for Gateway\traybar.exe (Chicony)
MsConfig:64bit - StartUpReg: cdloader - hkey= - key= - C:\Users\Darron\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig:64bit - StartUpReg: ConnectionCenter - hkey= - key= - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: EzPrint - hkey= - key= - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
MsConfig:64bit - StartUpReg: Gdeqi - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Darron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: IDriveE Startup - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Lexmark Pro800-Pro900 Series - hkey= - key= - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe ()
MsConfig:64bit - StartUpReg: MChk - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: newsecureapp70700.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PLFSetI - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Prime95 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: rdvtspax - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SigmatelSysTrayApp - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: sta - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe ()
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {DCAA7D58-11BD-E73F-C6BA-DECD2DFBEBB9} - Microsoft Windows Media Player
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FC49C885-5427-4651-4564-F9A32D90CCD1} -
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47CB58F4-2D5C-28C8-47FA-9795A3B91158} - Java (Sun)
ActiveX: {4DE80F30-2A42-63EA-89F0-97A6625AE461} - Browser Customizations
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {79009BD9-AF3B-D330-1F1B-F47315DFCB4D} - Themes Setup
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AB158EA3-C206-9B7A-8067-2244A94FCCA7} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 09:22:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
[2011/11/15 07:35:56 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2AC54AD9-5E59-4509-9F4C-A9DA5D8BF6AD}
[2011/11/15 07:35:46 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0EA39C71-CFE1-4356-BCE6-B06ACE8FE62E}
[2011/11/14 13:34:12 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{465A9AFE-D4C7-4C9F-BC84-9A8C25F22CD9}
[2011/11/14 13:33:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FBC9C177-8A6D-48FE-A2B6-C5FBEC7BA715}
[2011/11/14 01:33:36 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DDB63B26-4F8E-4305-937A-9E7E671DB46B}
[2011/11/14 01:33:13 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A44C19B7-C506-4367-AF3D-182966FCBD01}
[2011/11/13 13:33:01 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{4D2C5984-387A-4F11-BF86-96054B9F39C4}
[2011/11/13 13:32:35 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DC2A9E16-90F4-4CDB-8FEB-C68B830A1941}
[2011/11/12 14:01:10 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8A47663F-6683-437C-B76A-CE9CE061F489}
[2011/11/12 14:00:47 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FEF24643-6407-4BCF-A017-88E1F543D31E}
[2011/11/12 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F0CF85B7-A2F5-4311-B5AD-3EFE6BD52D31}
[2011/11/12 02:00:11 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{34303754-D6BC-4285-9E28-1FA41833EC01}
[2011/11/11 13:59:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7DF6A279-D76A-499D-8D03-4C8A17FCB972}
[2011/11/11 13:59:18 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0B383D6D-5CB6-4387-A669-D7C05976C7D9}
[2011/11/11 01:59:02 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9AF3E265-8EBB-4490-B396-D9FC0EE2E6D6}
[2011/11/11 01:58:39 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CCBAC2F6-F556-4A15-9665-EFFA8357C334}
[2011/11/10 13:58:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FFC46D14-E72C-4C41-BB8A-184508A0E829}
[2011/11/10 13:57:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{480DF76D-3C13-4221-B765-52608BFBF9F5}
[2011/11/09 13:05:12 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DDB1D389-BB7C-4950-B095-B7EFC651621B}
[2011/11/09 13:04:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FF316FDC-100A-445A-984A-490001B2BEC6}
[2011/11/09 01:04:19 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{83ED5959-6BB6-4903-8718-2B9021F1CD76}
[2011/11/09 01:03:56 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{964B69C7-49AD-4143-96BF-7FEC223E842D}
[2011/11/08 13:03:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2E95747F-6534-41FC-A6B5-990BAB7C3965}
[2011/11/08 13:03:08 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{EE5A2701-C7B4-4DD6-AEDC-1A5B0BA1F9B6}
[2011/11/08 01:02:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7C142703-54D7-44D6-884B-1179BBC3F45E}
[2011/11/08 01:02:07 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{53C8D488-264A-421E-876F-A9C60C18B5E6}
[2011/11/07 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{34104D89-097B-4DD7-B115-B6B17D2615C3}
[2011/11/07 11:28:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B7E9034F-9CEE-4CB8-A9D7-C751E5AEBE45}
[2011/11/06 01:58:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0C76A9C8-9C0C-437A-B044-9954A8A68A92}
[2011/11/06 01:58:03 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{810C32ED-5D85-44D6-87C7-01F942D9181B}
[2011/11/06 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/06 00:35:58 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/11/06 00:35:58 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/11/06 00:35:58 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/11/06 00:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/06 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/06 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/06 00:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/11/06 00:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/06 00:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/05 15:57:46 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\uTorrent
[2011/11/05 09:39:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{BB053754-3A5C-43E9-9E33-C7A289873AEF}
[2011/11/05 09:38:52 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{EBA86BD4-E3E6-41DA-959F-9742875C717E}
[2011/11/04 09:56:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E02FA0D5-A21C-4A98-8C55-29AC99FFD064}
[2011/11/04 09:56:06 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{BD4EEED1-A2F8-4803-9B3E-C0E4C511362F}
[2011/11/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B0F79C27-D8E8-4138-B249-054599EC0A15}
[2011/11/03 16:18:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B98D4B05-C03B-418F-9256-71A761D14FF0}
[2011/11/02 16:47:15 | 000,000,000 | ---D | C] -- C:\Users\Darron\Desktop\Business Plan Stuff
[2011/11/02 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{246A2DA1-1486-471B-832C-EBB6F059ED07}
[2011/11/02 13:45:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7BE1E65A-2CAB-45B9-A38F-2A157350D901}
[2011/11/01 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9181B2C0-441C-4D43-BE22-76E0BAED0CDF}
[2011/11/01 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{3CC4EDFF-A472-4535-BBCC-91642A80A7BD}
[2011/11/01 11:17:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/01 11:17:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/01 11:17:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/01 11:17:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/01 11:17:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/01 11:17:08 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/11/01 11:17:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/01 11:17:06 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/11/01 11:17:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/11/01 11:14:28 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/11/01 11:14:27 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/11/01 11:14:27 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/11/01 11:14:26 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/11/01 11:14:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/11/01 11:14:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/11/01 11:12:06 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/11/01 11:12:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/11/01 11:12:05 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/11/01 11:12:05 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/11/01 11:12:05 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/11/01 11:12:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/11/01 11:12:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/11/01 11:12:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/11/01 10:48:00 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{05E033E5-84E3-44F5-8837-982188E59538}
[2011/11/01 10:47:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D1D262AE-37C9-44C3-B9CE-4F8BBE8BCAA9}
[2011/10/31 12:10:45 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E689F3E7-B9E0-460F-87E9-7467F0E66A60}
[2011/10/31 12:10:22 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2C5D4D5F-C119-4E63-BA53-CA7D8B4F8F16}
[2011/10/31 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6A2935E8-E00D-47E8-AF7C-DA4AB694F75A}
[2011/10/31 00:09:30 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6CF9EFBE-6730-4386-B492-853127422F0B}
[2011/10/30 18:57:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\Adobe Mini Bridge CS5
[2011/10/30 18:57:25 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/30 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{15340787-FC05-45B5-9BB7-DD73EB9764CB}
[2011/10/30 12:08:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C8951910-095D-4DB5-9568-EF776736F110}
[2011/10/30 00:24:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/29 00:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/29 00:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/28 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CE7CB349-4765-4CEE-83F5-D0180D28F972}
[2011/10/28 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F309E9BC-D4E0-4B2F-A784-51677F70A4FB}
[2011/10/27 21:42:16 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B4E4FDB8-67ED-4926-8508-D8D777E08A42}
[2011/10/27 21:41:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B63936F8-BEBF-4AAC-8947-705BC9B0E6F6}
[2011/10/27 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CE6F150E-7164-4F8A-8A88-1B158EBE4C76}
[2011/10/27 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{78C73CC4-D3A7-4ABB-8029-CCA7EC75FBF8}
[2011/10/26 12:33:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0DDB97C2-446D-4D1F-9955-905BE9B9B8F0}
[2011/10/26 12:33:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9D2895F6-B307-45A8-9738-367965F4CBAE}
[2011/10/26 00:33:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CDF3CB39-8B24-4D5B-86C0-146CD54A00A0}
[2011/10/26 00:32:42 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C4C589BB-4950-4853-8395-732DEBB4D7DA}
[2011/10/25 12:32:13 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8258FBA0-AE74-43A1-B966-FED84A212E82}
[2011/10/25 12:31:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F03A8CC7-5A8B-4A09-827C-EE219520B2FA}
[2011/10/25 00:27:06 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{27B62B40-37EB-483F-AEB0-0A0077961BF6}
[2011/10/25 00:26:45 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D30F1474-BFE7-4E6F-B24B-D652ABBCD0A2}
[2011/10/24 12:26:18 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{323E3C57-6CBE-4785-BFE1-3EC98C002F23}
[2011/10/24 12:25:55 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{64118495-C7B4-4CC7-86BC-C540C3C7C063}
[2011/10/24 00:25:27 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{06DEEF85-5963-4113-8370-10C73B4167B2}
[2011/10/24 00:25:04 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2A821AE1-9A25-454D-8EC8-20A689F17823}
[2011/10/23 00:36:37 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6C8E3CB5-6FD0-49C7-ADC7-4BD76AD7EB92}
[2011/10/23 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{75A37005-4C45-4307-8829-3BD8FC7783FA}
[2011/10/23 00:19:48 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A29593BD-F0A1-4504-A98F-DBD86C130E70}
[2011/10/22 01:21:16 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D3AF19A5-4200-406F-BCC7-ADE721C574D7}
[2011/10/22 01:20:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{03BEEF89-8F5F-49A3-BDC5-80BA7979987C}
[2011/10/21 12:05:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{06F48808-A92E-4D1E-8D4C-0256A1B2A4E1}
[2011/10/21 12:04:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E80F142C-1F8A-4AD9-97AF-06C13A87F056}
[2011/10/20 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C411A526-79D5-46A9-B778-B51AFBCDA111}
[2011/10/20 23:11:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A2AD2D41-D9DF-4F39-BE47-8CC404CEEDE0}
[2011/10/20 15:04:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\Desktop\Associate Resumes
[2011/10/20 12:38:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/20 12:38:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/20 12:38:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/20 05:52:19 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{4B379C27-2422-4BD0-90F7-5300F58F3FD7}
[2011/10/20 05:52:00 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{744CB5B6-3FEB-4449-AC68-AF9814520C90}
[2011/10/19 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2780C695-86CF-466F-986D-98B7879DEE1F}
[2011/10/19 15:24:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6DB94E99-8E72-4467-AB89-4DDF23464746}
[2011/10/18 23:49:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8C51455C-3E6E-415F-8D04-B25B54C65C28}
[2011/10/18 23:49:30 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{099CC810-0A4F-47B4-BA72-20EB9CFDAC69}
[2011/10/17 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2E3EC6E0-18AE-46BE-AD2E-94FEF027BCA1}
[2011/10/17 16:49:38 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{43250AA4-7B77-4D2D-97C8-E2D7A1594A44}
[2011/10/16 11:09:41 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A34F124F-9DEF-4763-8283-2A5D03034B6C}
[2011/10/16 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{72E02670-B72B-47A2-80F5-9C32F541156C}
[2011/07/05 15:08:06 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011/07/05 15:08:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011/07/05 15:08:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011/07/05 15:08:06 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011/07/05 15:08:05 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011/07/05 15:08:05 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011/07/05 15:08:05 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011/07/05 15:08:05 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011/07/05 15:08:05 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011/07/05 15:08:05 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011/07/05 15:08:05 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011/07/05 15:08:05 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2009/11/13 09:05:59 | 021,044,640 | ---- | C] (Sage Software ) -- C:\Users\Darron\AppData\Roaming\ACT1200HotFix_SS.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/15 09:36:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2670984328-1985135284-1998418574-1000UA.job
[2011/11/15 09:34:56 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 09:34:56 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 09:22:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
[2011/11/15 09:15:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/15 08:36:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2670984328-1985135284-1998418574-1000Core.job
[2011/11/15 08:16:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/15 07:35:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/15 01:43:43 | 003,193,190 | ---- | M] () -- C:\Users\Darron\Desktop\Southwern Wine & Spirits career.pdf
[2011/11/14 13:04:01 | 000,106,039 | ---- | M] () -- C:\Users\Darron\Desktop\new book.JPG
[2011/11/14 13:03:43 | 000,038,954 | ---- | M] () -- C:\Users\Darron\Desktop\11x17 poster.JPG
[2011/11/14 13:03:08 | 000,068,508 | ---- | M] () -- C:\Users\Darron\Desktop\new poster.JPG
[2011/11/12 16:09:31 | 000,171,312 | ---- | M] () -- C:\Users\Darron\Desktop\Verizon.jpg
[2011/11/09 19:10:20 | 000,768,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/09 19:10:20 | 000,651,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/09 19:10:20 | 000,121,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/09 14:16:53 | 000,009,267 | ---- | M] () -- C:\Users\Darron\Desktop\try.jpg
[2011/11/09 14:11:45 | 000,003,110 | ---- | M] () -- C:\Users\Darron\Desktop\barcode-image.jpg
[2011/11/08 20:44:36 | 000,067,524 | ---- | M] () -- C:\Users\Darron\Desktop\poster edited.JPG
[2011/11/08 20:42:41 | 000,102,038 | ---- | M] () -- C:\Users\Darron\Desktop\book cover edited.JPG
[2011/11/08 18:33:43 | 000,210,432 | ---- | M] () -- C:\Users\Darron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 17:10:15 | 000,074,074 | ---- | M] () -- C:\Users\Darron\Desktop\Google Trends.JPG
[2011/11/07 19:58:26 | 000,061,924 | ---- | M] () -- C:\Users\Darron\Desktop\IMG_2671.jpg
[2011/11/07 10:43:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/11/04 16:27:00 | 000,035,938 | ---- | M] () -- C:\Users\Darron\Desktop\Darron's Resume ves2.pdf
[2011/11/04 11:32:15 | 000,012,406 | ---- | M] () -- C:\Users\Darron\Desktop\Label.png
[2011/11/02 18:31:31 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2011/11/02 15:13:11 | 000,009,924 | ---- | M] () -- C:\Users\Darron\Desktop\business-plan1.jpg
[2011/11/01 13:54:59 | 004,922,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/01 11:43:31 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
[2011/10/30 00:24:43 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/29 00:29:57 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 01:09:25 | 000,002,393 | ---- | M] () -- C:\Users\Darron\Desktop\BBSAK.lnk
[2011/10/20 12:37:45 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/20 12:37:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/20 12:37:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/20 12:37:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/15 01:44:05 | 003,193,190 | ---- | C] () -- C:\Users\Darron\Desktop\Southwern Wine & Spirits career.pdf
[2011/11/14 13:03:58 | 000,106,039 | ---- | C] () -- C:\Users\Darron\Desktop\new book.JPG
[2011/11/14 13:03:38 | 000,038,954 | ---- | C] () -- C:\Users\Darron\Desktop\11x17 poster.JPG
[2011/11/14 13:03:05 | 000,068,508 | ---- | C] () -- C:\Users\Darron\Desktop\new poster.JPG
[2011/11/12 16:09:37 | 000,171,312 | ---- | C] () -- C:\Users\Darron\Desktop\Verizon.jpg
[2011/11/09 14:16:53 | 000,009,267 | ---- | C] () -- C:\Users\Darron\Desktop\try.jpg
[2011/11/09 14:11:53 | 000,003,110 | ---- | C] () -- C:\Users\Darron\Desktop\barcode-image.jpg
[2011/11/08 20:44:31 | 000,067,524 | ---- | C] () -- C:\Users\Darron\Desktop\poster edited.JPG
[2011/11/08 20:42:39 | 000,102,038 | ---- | C] () -- C:\Users\Darron\Desktop\book cover edited.JPG
[2011/11/08 17:10:13 | 000,074,074 | ---- | C] () -- C:\Users\Darron\Desktop\Google Trends.JPG
[2011/11/07 19:58:31 | 000,061,924 | ---- | C] () -- C:\Users\Darron\Desktop\IMG_2671.jpg
[2011/11/04 16:27:10 | 000,035,938 | ---- | C] () -- C:\Users\Darron\Desktop\Darron's Resume ves2.pdf
[2011/11/04 11:32:21 | 000,012,406 | ---- | C] () -- C:\Users\Darron\Desktop\Label.png
[2011/11/02 15:13:19 | 000,009,924 | ---- | C] () -- C:\Users\Darron\Desktop\business-plan1.jpg
[2011/10/29 00:29:57 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/18 23:59:19 | 073,044,420 | ---- | C] () -- C:\Users\Darron\Documents\New Book1.psd
[2011/10/05 16:23:08 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\W32mkrc.dll
[2011/10/05 16:23:07 | 000,038,400 | ---- | C] () -- C:\Windows\SysWow64\OC25JPN.DLL
[2011/10/05 16:23:06 | 000,014,256 | ---- | C] () -- C:\Windows\SysWow64\VAJP2.DLL
[2011/10/05 16:22:58 | 000,000,255 | ---- | C] () -- C:\Windows\NSFASTW.INI
[2011/10/05 14:19:14 | 000,002,048 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\A&I Book Creator Prefs
[2011/09/28 10:53:41 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2011/07/28 11:29:00 | 000,001,332 | ---- | C] () -- \initdb526.ora
[2011/07/27 17:13:57 | 000,001,397 | ---- | C] () -- \newinitDB504.ora
[2011/07/27 17:13:57 | 000,001,332 | ---- | C] () -- \initfile.ora
[2011/07/05 15:08:06 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011/07/05 15:08:06 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011/07/05 15:08:06 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011/07/05 15:08:06 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011/07/05 15:08:06 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011/07/05 15:08:06 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011/07/05 15:08:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011/07/05 15:08:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011/07/05 15:04:49 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011/07/05 15:04:48 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011/02/22 00:42:43 | 000,000,600 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\winscp.rnd
[2011/02/14 03:32:58 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/02/14 03:32:09 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/14 03:32:01 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/02/14 03:32:01 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/14 03:32:01 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/14 03:31:54 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/02 13:41:22 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010/10/15 02:07:05 | 000,000,701 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\init.dll
[2010/10/15 02:07:05 | 000,000,006 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\SYSTEM32.dll
[2010/10/15 02:06:54 | 000,000,701 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\sound.dll
[2010/10/15 02:05:09 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/10/13 21:52:46 | 000,001,456 | ---- | C] () -- C:\Users\Darron\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/12 18:09:28 | 000,000,132 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/16 13:17:23 | 000,000,732 | ---- | C] () -- C:\Users\Darron\AppData\Local\d3d9caps64.dat
[2009/12/08 14:10:45 | 000,130,503 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009/12/08 14:10:45 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2009/12/08 14:10:38 | 000,355,416 | ---- | C] () -- \hpzids40.dll
[2009/12/03 12:43:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 12:42:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 12:41:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/13 09:11:25 | 000,787,200 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/26 20:18:09 | 000,026,311 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\UserTile.png
[2009/10/24 15:06:39 | 000,000,256 | ---- | C] () -- \pool.bin
[2009/10/22 19:28:33 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/10/14 22:14:47 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2009/10/11 16:19:14 | 000,000,268 | RH-- | C] () -- C:\Users\Darron\AppData\Roaming\Rock
[2009/10/10 20:39:53 | 000,001,356 | ---- | C] () -- C:\Users\Darron\AppData\Local\d3d9caps.dat
[2009/10/10 14:37:19 | 000,210,432 | ---- | C] () -- C:\Users\Darron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 00:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/03/04 13:53:58 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/04 13:09:41 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2009/03/04 13:09:40 | 000,333,257 | RHS- | C] () -- \bootmgr
[2009/03/04 13:06:36 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/07 21:03:36 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\REWCACHE.DAT
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/09/23 02:39:38 | 000,894,976 | ---- | C] () -- \msdia80.dll

========== LOP Check ==========

[2009/11/17 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\.myibay
[2011/10/05 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\A&I Book Creator
[2009/11/13 09:05:40 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\ACT
[2011/01/09 00:32:44 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Ashampoo
[2011/03/03 16:53:02 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/15 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Dropbox
[2011/05/29 12:56:31 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\DRPSu
[2011/09/09 03:51:25 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\F6F31246D56317A2310463B7840217AF
[2009/10/30 11:51:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\GARMIN
[2011/06/29 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\GetRightToGo
[2011/07/02 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\HandBrake
[2011/06/27 19:36:54 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\HDRsoft
[2011/07/05 18:59:23 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\ICAClient
[2009/11/13 09:19:26 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\IsolatedStorage
[2009/12/22 02:04:15 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Mipony
[2010/07/24 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\mjusbsp
[2010/10/25 13:17:13 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\MyScribe
[2009/10/14 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Nikon
[2010/01/12 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\OxelonMC
[2009/11/03 12:41:07 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\PeerNetworking
[2010/11/16 14:03:49 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Prish
[2011/07/14 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Pro800-Pro900 Series
[2010/10/09 12:15:30 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\QuickScan
[2011/06/29 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Red Kawa
[2010/11/17 12:27:21 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Research In Motion
[2011/08/12 01:07:55 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\rinsebyreal
[2011/09/28 10:53:24 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Softouch
[2011/08/17 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Solveig Multimedia
[2011/10/30 18:57:25 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/02/02 01:15:09 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\SWiSH Max3
[2011/11/11 19:00:59 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\uTorrent
[2011/02/18 13:48:05 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Windows Live Writer
[2011/11/07 09:54:49 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/11/17 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\.myibay
[2011/10/05 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\A&I Book Creator
[2009/11/13 09:05:40 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\ACT
[2011/10/19 16:43:14 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Adobe
[2011/10/30 18:57:26 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Adobe Mini Bridge CS5
[2011/01/08 19:30:05 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Apple Computer
[2011/01/09 00:32:44 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Ashampoo
[2009/10/09 20:21:30 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\ATI
[2011/03/03 16:53:02 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/23 15:27:40 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\CyberLink
[2011/11/15 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Dropbox
[2011/05/29 12:56:31 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\DRPSu
[2010/06/28 00:29:48 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\dvdcss
[2011/09/09 03:51:25 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\F6F31246D56317A2310463B7840217AF
[2009/10/30 11:51:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\GARMIN
[2011/06/29 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\GetRightToGo
[2011/07/02 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\HandBrake
[2011/06/27 19:36:54 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\HDRsoft
[2011/07/05 18:59:23 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\ICAClient
[2009/10/09 20:21:05 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Identities
[2009/10/11 12:24:33 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\InstallShield
[2009/11/13 09:19:26 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\IsolatedStorage
[2011/01/27 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Macromedia
[2010/01/06 13:06:00 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Malwarebytes
[2006/11/02 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Media Center Programs
[2011/03/09 00:29:17 | 000,000,000 | --SD | M] -- C:\Users\Darron\AppData\Roaming\Microsoft
[2009/12/22 02:04:15 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Mipony
[2010/07/24 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\mjusbsp
[2011/11/01 10:37:00 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Mozilla
[2010/10/25 13:17:13 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\MyScribe
[2009/10/14 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Nikon
[2010/01/12 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\OxelonMC
[2009/11/03 12:41:07 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\PeerNetworking
[2010/11/16 14:03:49 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Prish
[2011/07/14 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Pro800-Pro900 Series
[2010/10/09 12:15:30 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\QuickScan
[2011/06/29 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Red Kawa
[2010/11/17 12:27:21 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Research In Motion
[2011/08/12 01:07:55 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\rinsebyreal
[2009/10/09 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Roxio
[2011/05/04 11:05:40 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Skype
[2011/05/04 10:46:29 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\skypePM
[2011/09/28 10:53:24 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Softouch
[2011/08/17 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Solveig Multimedia
[2011/10/30 18:57:25 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/02/02 01:15:09 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\SWiSH Max3
[2009/10/09 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Symantec
[2010/09/23 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\UltraVNC
[2011/11/11 19:00:59 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\uTorrent
[2011/05/07 00:59:48 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\vlc
[2011/03/13 14:28:29 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Winamp
[2011/02/18 13:48:05 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Windows Live Writer
[2009/10/16 01:21:19 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\WinRAR
[2010/08/31 12:59:34 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Yahoo!


< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/06/10 13:53:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/06/10 13:53:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/06/10 13:53:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/10 13:53:02 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/06/10 13:53:02 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/06/10 13:52:52 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/06/10 13:52:52 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/06/10 13:52:52 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/06/10 13:53:02 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/06/10 13:53:02 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >

aswMBR Results

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-15 10:11:58
-----------------------------
10:11:58.263 OS Version: Windows x64 6.0.6002 Service Pack 2
10:11:58.263 Number of processors: 2 586 0x170A
10:11:58.264 ComputerName: DARRON-PC UserName: Darron
10:12:01.643 Initialize success
10:12:01.879 AVAST engine defs: 11111500
10:12:36.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:12:36.815 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
10:12:36.836 Disk 0 MBR read successfully
10:12:36.839 Disk 0 MBR scan
10:12:36.842 Disk 0 unknown MBR code
10:12:36.846 Service scanning
10:12:38.928 Modules scanning
10:12:38.932 Disk 0 trace - called modules:
10:12:38.959 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
10:12:38.964 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f35790]
10:12:38.967 3 CLASSPNP.SYS[fffffa60011d2c33] -> nt!IofCallDriver -> [0xfffffa8004a692a0]
10:12:38.972 5 acpi.sys[fffffa60008f2fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bcb050]
10:12:40.544 AVAST engine scan C:\Windows
10:12:47.648 AVAST engine scan C:\Windows\system32
10:15:38.969 AVAST engine scan C:\Windows\system32\drivers
10:16:09.275 AVAST engine scan C:\Users\Darron
11:31:54.711 AVAST engine scan C:\ProgramData
11:38:14.541 Scan finished successfully
12:33:28.336 Disk 0 MBR has been saved successfully to "C:\Users\Darron\Desktop\MBR.dat"
12:33:28.341 The log file has been saved successfully to "C:\Users\Darron\Desktop\aswMBR.txt"

Edited by Snypa86, 15 November 2011 - 11:40 AM.


#6
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Next:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:

Open OTL, click the None button and under Extra Registry select Use Safelist. Press Run Scan and post the Extras.txt log it will produce

#7
Snypa86

    Member

  • Topic Starter
  • Member
  • 58 posts

MBR

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Gateway
System Manufacturer: Gateway
System Product Name: M-6888u
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 160):
0x02C01000 \SystemRoot\system32\ntoskrnl.exe
0x03119000 \SystemRoot\system32\hal.dll
0x00607000 \SystemRoot\system32\kdcom.dll
0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064C000 \SystemRoot\system32\PSHED.dll
0x00660000 \SystemRoot\system32\CLFS.SYS
0x006BD000 \SystemRoot\system32\CI.dll
0x00800000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008E8000 \SystemRoot\system32\drivers\acpi.sys
0x0093E000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00947000 \SystemRoot\system32\drivers\msisadrv.sys
0x00951000 \SystemRoot\system32\drivers\pci.sys
0x00981000 \SystemRoot\System32\drivers\partmgr.sys
0x00996000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0099A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009A6000 \SystemRoot\system32\drivers\volmgr.sys
0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
0x009BA000 \SystemRoot\system32\drivers\intelide.sys
0x009C2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009D2000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A0B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B0F000 \SystemRoot\system32\drivers\atapi.sys
0x00B17000 \SystemRoot\system32\drivers\ataport.SYS
0x00B3B000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B82000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E06000 \SystemRoot\system32\drivers\ndis.sys
0x00C87000 \SystemRoot\system32\drivers\msrpc.sys
0x00CD7000 \SystemRoot\system32\drivers\NETIO.SYS
0x01005000 \SystemRoot\System32\drivers\tcpip.sys
0x01179000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138D000 \SystemRoot\system32\drivers\volsnap.sys
0x013D1000 \SystemRoot\System32\Drivers\spldr.sys
0x013D9000 \SystemRoot\System32\Drivers\mup.sys
0x011A5000 \SystemRoot\System32\drivers\ecache.sys
0x013EB000 \SystemRoot\system32\drivers\disk.sys
0x011D1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02304000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02311000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0231A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0232D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0260E000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02C25000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02D08000 \SystemRoot\System32\drivers\watchdog.sys
0x02405000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x024F2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x024FE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02544000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02555000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x03542000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03558000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03566000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x035B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x035B7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x035C3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x035DF000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x025A5000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02D18000 \SystemRoot\system32\DRIVERS\storport.sys
0x035EC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x025DE000 \SystemRoot\System32\Drivers\RootMdm.sys
0x025E6000 \SystemRoot\system32\drivers\modem.sys
0x02D75000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02D98000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02DA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DD5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02332000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x025F5000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x02350000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02363000 \SystemRoot\system32\DRIVERS\VClone.sys
0x02372000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x035F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x023A0000 \SystemRoot\system32\DRIVERS\ks.sys
0x02600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x023D4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x00D30000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x023E4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x00FD7000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x00D78000 \SystemRoot\system32\drivers\portcls.sys
0x00DB3000 \SystemRoot\system32\drivers\drmk.sys
0x02E00000 \SystemRoot\system32\drivers\ksthunk.sys
0x00B96000 \SystemRoot\system32\drivers\stwrt64.sys
0x04605000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x04657000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x04A0B000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x04AD6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04AF2000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x04AFB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x04B25000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x04BBD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04BC7000 \SystemRoot\System32\Drivers\Null.SYS
0x04BD0000 \SystemRoot\System32\drivers\vga.sys
0x047CB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04BDE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04BE7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04BF0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00DD6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04A00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x007D5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x00DE7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x009E5000 \SystemRoot\system32\DRIVERS\smb.sys
0x04C08000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04C4C000 \SystemRoot\system32\drivers\afd.sys
0x04CB7000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x04CC4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04CE2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04CF1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04D0C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04D59000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04D65000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x04D71000 \SystemRoot\System32\Drivers\dfsc.sys
0x04D8E000 \SystemRoot\System32\Drivers\aswSP.SYS
0x04DF2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x047F0000 \SystemRoot\System32\drivers\Dxapi.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00680000 \SystemRoot\System32\cdd.dll
0x00820000 \SystemRoot\System32\ATMFD.DLL
0x05E1F000 \SystemRoot\system32\drivers\luafv.sys
0x05E41000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x05E7B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x05E84000 \SystemRoot\system32\drivers\spsys.sys
0x05F1E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05F32000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05F66000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05F71000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07009000 \SystemRoot\system32\drivers\HTTP.sys
0x070AC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x070D5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x070F3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0710D000 \SystemRoot\system32\drivers\mrxdav.sys
0x07134000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0715D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x071A6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x071C5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07201000 \SystemRoot\System32\DRIVERS\srv.sys
0x072AF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x072C2000 \SystemRoot\System32\Drivers\adfs.SYS
0x072F2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x072F7000 \SystemRoot\system32\drivers\peauth.sys
0x073AD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x073B8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x073C8000 \SystemRoot\system32\DRIVERS\xaudio64.sys
0x073D0000 \SystemRoot\system32\drivers\tdtcp.sys
0x073DD000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x05F89000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x05FC5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x02E06000 \SystemRoot\system32\DRIVERS\NETwLv64.sys
0x0BE00000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0BE7F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0BFA6000 \??\C:\Users\Darron\AppData\Local\Temp\aswMBR.sys
0x0BFB4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0BFBD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0BFCF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0BF35000 \SystemRoot\system32\drivers\RTSTOR64.SYS
0x76E60000 \Windows\System32\ntdll.dll

Processes (total 77):
0 System Idle Process
4 System
524 C:\Windows\System32\smss.exe
596 csrss.exe
652 C:\Windows\System32\wininit.exe
672 csrss.exe
708 C:\Windows\System32\services.exe
724 C:\Windows\System32\lsass.exe
732 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\winlogon.exe
920 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
220 C:\Windows\System32\svchost.exe
564 C:\Windows\System32\atiesrxx.exe
12 C:\Windows\System32\svchost.exe
660 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\audiodg.exe
1128 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\SLsvc.exe
1188 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\atieclxx.exe
1504 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1932 C:\Windows\System32\spoolsv.exe
1956 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\dwm.exe
2060 C:\Windows\System32\taskeng.exe
2112 C:\Windows\System32\taskeng.exe
2120 C:\Windows\explorer.exe
2568 C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2576 C:\Windows\ehome\ehtray.exe
2608 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2616 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2688 C:\Users\Darron\AppData\Roaming\Dropbox\bin\Dropbox.exe
2716 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2776 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2792 HP1006MC.EXE
2932 C:\Windows\ehome\ehmsas.exe
3024 C:\Program Files\Bonjour\mDNSResponder.exe
2280 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
1788 C:\Windows\System32\svchost.exe
2560 C:\Windows\System32\lxeccoms.exe
2648 C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
2540 C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
2244 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
3092 C:\Windows\System32\svchost.exe
3200 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
3216 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3248 C:\Windows\System32\svchost.exe
3284 C:\Windows\System32\svchost.exe
3384 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3408 C:\Windows\System32\SearchIndexer.exe
3524 C:\Windows\System32\drivers\XAudio64.exe
3560 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3680 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3948 C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
4056 C:\Program Files\iPod\bin\iPodService.exe
4956 C:\Windows\System32\svchost.exe
4464 C:\Windows\System32\svchost.exe
5084 C:\Program Files\Windows Media Player\wmpnetwk.exe
4952 C:\Windows\System32\wuauclt.exe
4508 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
4484 C:\Program Files\Windows Media Player\wmpnscfg.exe
5600 C:\Windows\splwow64.exe
4852 C:\Users\Darron\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
3512 C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
3620 C:\Windows\System32\mobsync.exe
2760 C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe
4204 C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe
2260 C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe
4788 C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe
5484 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
3452 C:\Users\Darron\AppData\Local\Google\Chrome\Application\chrome.exe
1180 C:\Windows\System32\SearchProtocolHost.exe
1828 C:\Windows\System32\SearchFilterHost.exe
6680 C:\Users\Darron\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16320FCDEEF27AEA4D198A0877B9A7EECB751892


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

COMBO

ComboFix 11-11-15.06 - Darron 11/16/2011 12:29:22.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2883 [GMT -5:00]
Running from: c:\users\Darron\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\System
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 17:55 . 2011-11-16 17:55 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D28B770-6D3E-4217-A7A7-2FA1468D7A9F}\offreg.dll
2011-11-16 17:49 . 2011-11-16 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 05:35 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-06 05:35 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-11-06 05:35 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-06 05:35 . 2011-11-06 05:35 -------- d-----w- c:\program files\iPod
2011-11-06 05:35 . 2011-11-06 05:35 -------- d-----w- c:\program files\iTunes
2011-11-06 05:35 . 2011-11-06 05:35 -------- d-----w- c:\program files (x86)\iTunes
2011-11-06 05:31 . 2011-11-06 05:31 -------- d-----w- c:\program files\Common Files\Apple
2011-11-06 05:31 . 2011-11-06 05:31 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-06 05:31 . 2011-11-06 05:31 -------- d-----w- c:\program files\Bonjour
2011-11-05 20:57 . 2011-11-12 00:00 -------- d-----w- c:\users\Darron\AppData\Roaming\uTorrent
2011-11-01 16:26 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D28B770-6D3E-4217-A7A7-2FA1468D7A9F}\mpengine.dll
2011-11-01 16:14 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-11-01 16:14 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-01 16:14 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-01 16:14 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-11-01 16:14 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-01 16:14 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-11-01 16:14 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-01 16:14 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-11-01 16:14 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:13 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-01 16:13 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-01 16:12 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-01 16:12 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-11-01 16:12 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-01 16:12 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-01 16:12 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-01 16:12 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-11-01 16:12 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-11-01 16:12 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-30 23:57 . 2011-10-30 23:57 -------- d-----w- c:\users\Darron\AppData\Roaming\Adobe Mini Bridge CS5
2011-10-30 23:57 . 2011-10-30 23:57 -------- d-----w- c:\users\Darron\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-10-30 05:24 . 2011-10-30 05:24 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-10-29 05:29 . 2011-10-29 05:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-20 17:37 . 2011-09-01 19:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-15 04:38 . 2011-10-15 04:38 413696 ----a-r- c:\users\Darron\AppData\Roaming\Microsoft\Installer\{FD1E77D4-327F-4E24-9240-C82902068033}\BlackBerry.exe
2011-10-11 17:32 . 2011-10-11 17:32 69632 ----a-r- c:\users\Darron\AppData\Roaming\Microsoft\Installer\{5B7CF62F-D339-4FAA-A610-372ED5A2787F}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2011-10-11 17:32 . 2011-10-11 17:32 69632 ----a-r- c:\users\Darron\AppData\Roaming\Microsoft\Installer\{5B7CF62F-D339-4FAA-A610-372ED5A2787F}\DesktopMgr.exe
2011-10-11 17:32 . 2011-10-11 17:32 49152 ----a-r- c:\users\Darron\AppData\Roaming\Microsoft\Installer\{5B7CF62F-D339-4FAA-A610-372ED5A2787F}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2011-10-11 17:32 . 2011-10-11 17:32 49152 ----a-r- c:\users\Darron\AppData\Roaming\Microsoft\Installer\{5B7CF62F-D339-4FAA-A610-372ED5A2787F}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2011-10-11 17:32 . 2011-10-11 17:32 49152 ----a-r- c:\users\Darron\AppData\Roaming\Microsoft\Installer\{5B7CF62F-D339-4FAA-A610-372ED5A2787F}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2011-09-06 20:45 . 2010-10-23 20:42 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-10-23 20:42 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-01-14 03:22 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-03-22 08:02 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2010-10-23 20:43 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-10-23 20:43 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-10-23 20:43 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-10-23 20:43 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2010-10-23 20:43 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-31 21:00 . 2010-01-06 18:05 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-02-18 . 53AE63B98BB1C3D7F6A2D70BDD12D5D5 . 546816 . . [6.0.6001.18000] .. c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Darron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Darron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Darron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Darron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\Darron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Darron\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 135664]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-08-31 17920]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 135664]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw4v64.sys [x]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 27648]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 04:32]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 04:32]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2670984328-1985135284-1998418574-1000Core.job
- c:\users\Darron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 01:41]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2670984328-1985135284-1998418574-1000UA.job
- c:\users\Darron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 01:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Darron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Darron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Darron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Darron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 770728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0709&m=m-6888u
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: DOWNLOADWITH - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTo1.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTo1.dll
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTo1.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2670984328-1985135284-1998418574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)"/*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2670984328-1985135284-1998418574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)"/*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2011-11-16 13:08:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 18:08
.
Pre-Run: 131,635,769,344 bytes free
Post-Run: 138,120,335,360 bytes free
.
- - End Of File - - C075C850A1980A99BD176CD6FB35EB10

OTL


OTL logfile created on: 11/16/2011 1:09:25 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Darron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.28% Memory free
8.17 Gb Paging File | 6.19 Gb Available in Paging File | 75.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.09 Gb Total Space | 128.66 Gb Free Space | 45.13% Space Free | Partition Type: NTFS

Computer Name: DARRON-PC | User Name: Darron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 09:22:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Darron\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 22:02:56 | 000,420,920 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll
MOD - [2011/11/07 22:02:55 | 003,702,840 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/07 22:01:20 | 000,122,952 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/07 22:01:19 | 000,222,280 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/07 22:01:17 | 001,746,504 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/05/27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009/03/09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/04/14 14:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/04/14 14:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2009/06/25 22:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/07/16 13:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/29 08:24:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/08/31 16:34:02 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)
SRV - [2010/04/14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeccoms.exe -- (lxec_device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/11 14:22:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/04 15:26:34 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/04 03:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/06/04 22:13:44 | 000,867,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/10/07 07:11:50 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwLv64.sys -- (NETwLv64) Intel®
DRV:64bit: - [2010/07/20 05:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/07/20 05:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010/07/20 05:38:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/07/20 05:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/30 09:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/25 23:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/04 03:40:46 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/10/15 08:57:50 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/10/15 08:53:44 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/10/15 08:52:24 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/03 19:57:26 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2007/10/30 21:44:38 | 003,197,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/26 20:50:24 | 000,391,680 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/04/23 13:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/23 13:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115obex.sys -- (s115obex)
DRV:64bit: - [2007/04/23 13:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007/04/23 13:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007/04/23 13:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV:64bit: - [2006/11/17 01:22:06 | 000,297,272 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/06/14 12:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/07/16 12:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2004/07/14 11:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=0709&m=m-6888u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=0709&m=m-6888u
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Darron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Darron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2009/10/15 11:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darron\AppData\Roaming\Mozilla\Extensions
[2009/10/15 11:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darron\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Chrome Refresh = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn\1.7_0\
CHR - Extension: Brushed = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: Air Transporter 3D = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadmcjlkjdnbjcdldpfhakfmfedgadjh\1.0.3_0\
CHR - Extension: TiltShiftMaker = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.2_0\
CHR - Extension: Auto HD for YouTube = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaielpkecabnggniojjhghggjedkecfj\2.5_0\
CHR - Extension: InvisibleHand = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.3.14_0\
CHR - Extension: Jobs Aggregator = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkdpojefipfdjcihiigpabeofdhgfmo\1.1_0\
CHR - Extension: Webpages CSS Styler = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkhlepfbkdbmiogammhjnibakamiehg\1.9.1_0\

O1 HOSTS File: ([2011/11/16 12:55:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll File not found
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.120\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Users\Darron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Darron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: DOWNLOADWITH - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: DOWNLOADWITH - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152FC9C2-BCAE-427D-A325-2A710891001B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA007C9-AB9C-470E-B19A-76AC652BD1CB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43AEFF13-4E04-4A60-9DE8-BF66552EF0B7}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cf - No CLSID value found
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.120\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Darron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Darron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 13:08:20 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\temp
[2011/11/16 12:25:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/16 12:25:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/16 12:25:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/16 12:25:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/16 12:25:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/16 12:25:38 | 000,000,000 | ---D | C] -- \Qoobox
[2011/11/16 12:23:02 | 004,296,444 | R--- | C] (Swearware) -- C:\Users\Darron\Desktop\ComboFix.exe
[2011/11/16 11:11:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{968E812D-C826-4210-9C86-AEF3D9DB5CBA}
[2011/11/16 11:10:55 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{17C3BFF5-2083-4E03-AAFC-B306F99F777F}
[2011/11/15 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{3ED27406-13B9-45A9-9758-CA32217BCCAF}
[2011/11/15 19:36:35 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B90D6854-7E7F-4603-A193-F47DA1BADFD9}
[2011/11/15 10:11:27 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Darron\Desktop\aswMBR.exe
[2011/11/15 09:22:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
[2011/11/15 07:35:56 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2AC54AD9-5E59-4509-9F4C-A9DA5D8BF6AD}
[2011/11/15 07:35:46 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0EA39C71-CFE1-4356-BCE6-B06ACE8FE62E}
[2011/11/14 13:34:12 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{465A9AFE-D4C7-4C9F-BC84-9A8C25F22CD9}
[2011/11/14 13:33:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FBC9C177-8A6D-48FE-A2B6-C5FBEC7BA715}
[2011/11/14 01:33:36 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DDB63B26-4F8E-4305-937A-9E7E671DB46B}
[2011/11/14 01:33:13 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A44C19B7-C506-4367-AF3D-182966FCBD01}
[2011/11/13 13:33:01 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{4D2C5984-387A-4F11-BF86-96054B9F39C4}
[2011/11/13 13:32:35 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DC2A9E16-90F4-4CDB-8FEB-C68B830A1941}
[2011/11/12 14:01:10 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8A47663F-6683-437C-B76A-CE9CE061F489}
[2011/11/12 14:00:47 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FEF24643-6407-4BCF-A017-88E1F543D31E}
[2011/11/12 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F0CF85B7-A2F5-4311-B5AD-3EFE6BD52D31}
[2011/11/12 02:00:11 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{34303754-D6BC-4285-9E28-1FA41833EC01}
[2011/11/11 13:59:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7DF6A279-D76A-499D-8D03-4C8A17FCB972}
[2011/11/11 13:59:18 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0B383D6D-5CB6-4387-A669-D7C05976C7D9}
[2011/11/11 01:59:02 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9AF3E265-8EBB-4490-B396-D9FC0EE2E6D6}
[2011/11/11 01:58:39 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CCBAC2F6-F556-4A15-9665-EFFA8357C334}
[2011/11/10 13:58:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FFC46D14-E72C-4C41-BB8A-184508A0E829}
[2011/11/10 13:57:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{480DF76D-3C13-4221-B765-52608BFBF9F5}
[2011/11/09 13:05:12 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DDB1D389-BB7C-4950-B095-B7EFC651621B}
[2011/11/09 13:04:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FF316FDC-100A-445A-984A-490001B2BEC6}
[2011/11/09 01:04:19 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{83ED5959-6BB6-4903-8718-2B9021F1CD76}
[2011/11/09 01:03:56 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{964B69C7-49AD-4143-96BF-7FEC223E842D}
[2011/11/08 13:03:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2E95747F-6534-41FC-A6B5-990BAB7C3965}
[2011/11/08 13:03:08 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{EE5A2701-C7B4-4DD6-AEDC-1A5B0BA1F9B6}
[2011/11/08 01:02:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7C142703-54D7-44D6-884B-1179BBC3F45E}
[2011/11/08 01:02:07 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{53C8D488-264A-421E-876F-A9C60C18B5E6}
[2011/11/07 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{34104D89-097B-4DD7-B115-B6B17D2615C3}
[2011/11/07 11:28:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B7E9034F-9CEE-4CB8-A9D7-C751E5AEBE45}
[2011/11/06 01:58:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0C76A9C8-9C0C-437A-B044-9954A8A68A92}
[2011/11/06 01:58:03 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{810C32ED-5D85-44D6-87C7-01F942D9181B}
[2011/11/06 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/06 00:35:58 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/11/06 00:35:58 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/11/06 00:35:58 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/11/06 00:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/06 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/06 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/06 00:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/11/06 00:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/06 00:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/05 15:57:46 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\uTorrent
[2011/11/05 09:39:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{BB053754-3A5C-43E9-9E33-C7A289873AEF}
[2011/11/05 09:38:52 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{EBA86BD4-E3E6-41DA-959F-9742875C717E}
[2011/11/04 09:56:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E02FA0D5-A21C-4A98-8C55-29AC99FFD064}
[2011/11/04 09:56:06 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{BD4EEED1-A2F8-4803-9B3E-C0E4C511362F}
[2011/11/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B0F79C27-D8E8-4138-B249-054599EC0A15}
[2011/11/03 16:18:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B98D4B05-C03B-418F-9256-71A761D14FF0}
[2011/11/02 16:47:15 | 000,000,000 | ---D | C] -- C:\Users\Darron\Desktop\Business Plan Stuff
[2011/11/02 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{246A2DA1-1486-471B-832C-EBB6F059ED07}
[2011/11/02 13:45:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7BE1E65A-2CAB-45B9-A38F-2A157350D901}
[2011/11/01 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9181B2C0-441C-4D43-BE22-76E0BAED0CDF}
[2011/11/01 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{3CC4EDFF-A472-4535-BBCC-91642A80A7BD}
[2011/11/01 11:17:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/01 11:17:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/01 11:17:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/01 11:17:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/01 11:17:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/01 11:17:08 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/11/01 11:17:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/01 11:17:06 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/11/01 11:17:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/11/01 11:14:28 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/11/01 11:14:27 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/11/01 11:14:27 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/11/01 11:14:26 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/11/01 11:14:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/11/01 11:14:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/11/01 11:12:06 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/11/01 11:12:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/11/01 11:12:05 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/11/01 11:12:05 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/11/01 11:12:05 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/11/01 11:12:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/11/01 11:12:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/11/01 11:12:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/11/01 10:48:00 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{05E033E5-84E3-44F5-8837-982188E59538}
[2011/11/01 10:47:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D1D262AE-37C9-44C3-B9CE-4F8BBE8BCAA9}
[2011/10/31 12:10:45 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E689F3E7-B9E0-460F-87E9-7467F0E66A60}
[2011/10/31 12:10:22 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2C5D4D5F-C119-4E63-BA53-CA7D8B4F8F16}
[2011/10/31 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6A2935E8-E00D-47E8-AF7C-DA4AB694F75A}
[2011/10/31 00:09:30 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6CF9EFBE-6730-4386-B492-853127422F0B}
[2011/10/30 18:57:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\Adobe Mini Bridge CS5
[2011/10/30 18:57:25 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/30 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{15340787-FC05-45B5-9BB7-DD73EB9764CB}
[2011/10/30 12:08:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C8951910-095D-4DB5-9568-EF776736F110}
[2011/10/30 00:24:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/29 00:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/29 00:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/28 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CE7CB349-4765-4CEE-83F5-D0180D28F972}
[2011/10/28 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F309E9BC-D4E0-4B2F-A784-51677F70A4FB}
[2011/10/27 21:42:16 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B4E4FDB8-67ED-4926-8508-D8D777E08A42}
[2011/10/27 21:41:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B63936F8-BEBF-4AAC-8947-705BC9B0E6F6}
[2011/10/27 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CE6F150E-7164-4F8A-8A88-1B158EBE4C76}
[2011/10/27 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{78C73CC4-D3A7-4ABB-8029-CCA7EC75FBF8}
[2011/10/26 12:33:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0DDB97C2-446D-4D1F-9955-905BE9B9B8F0}
[2011/10/26 12:33:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9D2895F6-B307-45A8-9738-367965F4CBAE}
[2011/10/26 00:33:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CDF3CB39-8B24-4D5B-86C0-146CD54A00A0}
[2011/10/26 00:32:42 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C4C589BB-4950-4853-8395-732DEBB4D7DA}
[2011/10/25 12:32:13 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8258FBA0-AE74-43A1-B966-FED84A212E82}
[2011/10/25 12:31:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F03A8CC7-5A8B-4A09-827C-EE219520B2FA}
[2011/10/25 00:27:06 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{27B62B40-37EB-483F-AEB0-0A0077961BF6}
[2011/10/25 00:26:45 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D30F1474-BFE7-4E6F-B24B-D652ABBCD0A2}
[2011/10/24 12:26:18 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{323E3C57-6CBE-4785-BFE1-3EC98C002F23}
[2011/10/24 12:25:55 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{64118495-C7B4-4CC7-86BC-C540C3C7C063}
[2011/10/24 00:25:27 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{06DEEF85-5963-4113-8370-10C73B4167B2}
[2011/10/24 00:25:04 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2A821AE1-9A25-454D-8EC8-20A689F17823}
[2011/10/23 00:36:37 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6C8E3CB5-6FD0-49C7-ADC7-4BD76AD7EB92}
[2011/10/23 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{75A37005-4C45-4307-8829-3BD8FC7783FA}
[2011/10/23 00:19:48 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A29593BD-F0A1-4504-A98F-DBD86C130E70}
[2011/10/22 01:21:16 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D3AF19A5-4200-406F-BCC7-ADE721C574D7}
[2011/10/22 01:20:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{03BEEF89-8F5F-49A3-BDC5-80BA7979987C}
[2011/10/21 12:05:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{06F48808-A92E-4D1E-8D4C-0256A1B2A4E1}
[2011/10/21 12:04:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E80F142C-1F8A-4AD9-97AF-06C13A87F056}
[2011/10/20 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C411A526-79D5-46A9-B778-B51AFBCDA111}
[2011/10/20 23:11:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A2AD2D41-D9DF-4F39-BE47-8CC404CEEDE0}
[2011/10/20 15:04:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\Desktop\Associate Resumes
[2011/10/20 12:38:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/20 12:38:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/20 12:38:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/20 05:52:19 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{4B379C27-2422-4BD0-90F7-5300F58F3FD7}
[2011/10/20 05:52:00 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{744CB5B6-3FEB-4449-AC68-AF9814520C90}
[2011/10/19 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2780C695-86CF-466F-986D-98B7879DEE1F}
[2011/10/19 15:24:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6DB94E99-8E72-4467-AB89-4DDF23464746}
[2011/10/18 23:49:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8C51455C-3E6E-415F-8D04-B25B54C65C28}
[2011/10/18 23:49:30 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{099CC810-0A4F-47B4-BA72-20EB9CFDAC69}
[2011/10/17 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2E3EC6E0-18AE-46BE-AD2E-94FEF027BCA1}
[2011/10/17 16:49:38 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{43250AA4-7B77-4D2D-97C8-E2D7A1594A44}
[2011/07/05 15:08:06 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011/07/05 15:08:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011/07/05 15:08:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011/07/05 15:08:06 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011/07/05 15:08:05 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011/07/05 15:08:05 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011/07/05 15:08:05 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011/07/05 15:08:05 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011/07/05 15:08:05 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011/07/05 15:08:05 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011/07/05 15:08:05 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011/07/05 15:08:05 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2009/11/13 09:05:59 | 021,044,640 | ---- | C] (Sage Software ) -- C:\Users\Darron\AppData\Roaming\ACT1200HotFix_SS.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/16 13:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/16 13:02:11 | 000,768,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/16 13:02:11 | 000,651,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/16 13:02:11 | 000,121,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/16 12:55:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/16 12:55:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/11/16 12:55:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/16 12:55:25 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/16 12:55:25 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/16 12:55:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/16 12:36:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2670984328-1985135284-1998418574-1000UA.job
[2011/11/16 12:23:03 | 004,296,444 | R--- | M] (Swearware) -- C:\Users\Darron\Desktop\ComboFix.exe
[2011/11/16 12:04:19 | 000,060,010 | ---- | M] () -- C:\Users\Darron\Desktop\TheBook.JPG
[2011/11/16 12:00:37 | 000,062,711 | ---- | M] () -- C:\Users\Darron\Desktop\18x24.JPG
[2011/11/16 12:00:02 | 000,033,857 | ---- | M] () -- C:\Users\Darron\Desktop\11x17.JPG
[2011/11/16 11:39:20 | 000,080,384 | ---- | M] () -- C:\Users\Darron\Desktop\MBRCheck.exe
[2011/11/16 11:17:51 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2670984328-1985135284-1998418574-1000Core.job
[2011/11/15 14:49:07 | 000,015,021 | ---- | M] () -- C:\Users\Darron\Desktop\374320_276937432351467_100001056380259_850979_1897190163_n.jpg
[2011/11/15 10:11:34 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Darron\Desktop\aswMBR.exe
[2011/11/15 09:22:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
[2011/11/15 01:43:43 | 003,193,190 | ---- | M] () -- C:\Users\Darron\Desktop\Southwern Wine & Spirits career.pdf
[2011/11/09 14:16:53 | 000,009,267 | ---- | M] () -- C:\Users\Darron\Desktop\try.jpg
[2011/11/09 14:11:45 | 000,003,110 | ---- | M] () -- C:\Users\Darron\Desktop\barcode-image.jpg
[2011/11/08 18:33:43 | 000,210,432 | ---- | M] () -- C:\Users\Darron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 17:10:15 | 000,074,074 | ---- | M] () -- C:\Users\Darron\Desktop\Google Trends.JPG
[2011/11/07 19:58:26 | 000,061,924 | ---- | M] () -- C:\Users\Darron\Desktop\IMG_2671.jpg
[2011/11/04 16:27:00 | 000,035,938 | ---- | M] () -- C:\Users\Darron\Desktop\Darron's Resume ves2.pdf
[2011/11/04 11:32:15 | 000,012,406 | ---- | M] () -- C:\Users\Darron\Desktop\Label.png
[2011/11/02 18:31:31 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2011/11/02 15:13:11 | 000,009,924 | ---- | M] () -- C:\Users\Darron\Desktop\business-plan1.jpg
[2011/11/01 13:54:59 | 004,922,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/01 11:43:31 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
[2011/10/30 00:24:43 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/29 00:29:57 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 01:09:25 | 000,002,393 | ---- | M] () -- C:\Users\Darron\Desktop\BBSAK.lnk
[2011/10/20 12:37:45 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/20 12:37:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/20 12:37:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/20 12:37:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/16 12:25:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/16 12:25:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/16 12:25:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/16 12:25:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/16 12:25:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 12:04:16 | 000,060,010 | ---- | C] () -- C:\Users\Darron\Desktop\TheBook.JPG
[2011/11/16 12:00:34 | 000,062,711 | ---- | C] () -- C:\Users\Darron\Desktop\18x24.JPG
[2011/11/16 11:59:59 | 000,033,857 | ---- | C] () -- C:\Users\Darron\Desktop\11x17.JPG
[2011/11/16 11:38:47 | 000,080,384 | ---- | C] () -- C:\Users\Darron\Desktop\MBRCheck.exe
[2011/11/15 14:49:09 | 000,015,021 | ---- | C] () -- C:\Users\Darron\Desktop\374320_276937432351467_100001056380259_850979_1897190163_n.jpg
[2011/11/15 01:44:05 | 003,193,190 | ---- | C] () -- C:\Users\Darron\Desktop\Southwern Wine & Spirits career.pdf
[2011/11/09 14:16:53 | 000,009,267 | ---- | C] () -- C:\Users\Darron\Desktop\try.jpg
[2011/11/09 14:11:53 | 000,003,110 | ---- | C] () -- C:\Users\Darron\Desktop\barcode-image.jpg
[2011/11/08 17:10:13 | 000,074,074 | ---- | C] () -- C:\Users\Darron\Desktop\Google Trends.JPG
[2011/11/07 19:58:31 | 000,061,924 | ---- | C] () -- C:\Users\Darron\Desktop\IMG_2671.jpg
[2011/11/04 16:27:10 | 000,035,938 | ---- | C] () -- C:\Users\Darron\Desktop\Darron's Resume ves2.pdf
[2011/11/04 11:32:21 | 000,012,406 | ---- | C] () -- C:\Users\Darron\Desktop\Label.png
[2011/11/02 15:13:19 | 000,009,924 | ---- | C] () -- C:\Users\Darron\Desktop\business-plan1.jpg
[2011/10/29 00:29:57 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/18 23:59:19 | 073,044,420 | ---- | C] () -- C:\Users\Darron\Documents\New Book1.psd
[2011/10/05 16:23:08 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\W32mkrc.dll
[2011/10/05 16:23:07 | 000,038,400 | ---- | C] () -- C:\Windows\SysWow64\OC25JPN.DLL
[2011/10/05 16:23:06 | 000,014,256 | ---- | C] () -- C:\Windows\SysWow64\VAJP2.DLL
[2011/10/05 16:22:58 | 000,000,255 | ---- | C] () -- C:\Windows\NSFASTW.INI
[2011/10/05 14:19:14 | 000,002,048 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\A&I Book Creator Prefs
[2011/09/28 10:53:41 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2011/07/28 11:29:00 | 000,001,332 | ---- | C] () -- \initdb526.ora
[2011/07/27 17:13:57 | 000,001,397 | ---- | C] () -- \newinitDB504.ora
[2011/07/27 17:13:57 | 000,001,332 | ---- | C] () -- \initfile.ora
[2011/07/05 15:08:06 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011/07/05 15:08:06 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011/07/05 15:08:06 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011/07/05 15:08:06 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011/07/05 15:08:06 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011/07/05 15:08:06 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011/07/05 15:08:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011/07/05 15:08:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011/07/05 15:04:49 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011/07/05 15:04:48 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011/02/22 00:42:43 | 000,000,600 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\winscp.rnd
[2011/02/14 03:32:58 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/02/14 03:32:09 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/14 03:32:01 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/02/14 03:32:01 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/14 03:32:01 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/14 03:31:54 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/02 13:41:22 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010/10/15 02:07:05 | 000,000,701 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\init.dll
[2010/10/15 02:07:05 | 000,000,006 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\SYSTEM32.dll
[2010/10/15 02:06:54 | 000,000,701 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\sound.dll
[2010/10/15 02:05:09 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/10/13 21:52:46 | 000,001,456 | ---- | C] () -- C:\Users\Darron\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/12 18:09:28 | 000,000,132 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/16 13:17:23 | 000,000,732 | ---- | C] () -- C:\Users\Darron\AppData\Local\d3d9caps64.dat
[2009/12/08 14:10:45 | 000,130,503 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009/12/08 14:10:45 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2009/12/08 14:10:38 | 000,355,416 | ---- | C] () -- \hpzids40.dll
[2009/12/03 12:43:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 12:42:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 12:41:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/13 09:11:25 | 000,787,200 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/26 20:18:09 | 000,026,311 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\UserTile.png
[2009/10/24 15:06:39 | 000,000,256 | ---- | C] () -- \pool.bin
[2009/10/22 19:28:33 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/10/14 22:14:47 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2009/10/11 16:19:14 | 000,000,268 | RH-- | C] () -- C:\Users\Darron\AppData\Roaming\Rock
[2009/10/10 20:39:53 | 000,001,356 | ---- | C] () -- C:\Users\Darron\AppData\Local\d3d9caps.dat
[2009/10/10 14:37:19 | 000,210,432 | ---- | C] () -- C:\Users\Darron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 00:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/03/04 13:53:58 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/04 13:09:41 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2009/03/04 13:09:40 | 000,333,257 | RHS- | C] () -- \bootmgr
[2009/03/04 13:06:36 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/07 21:03:36 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\REWCACHE.DAT
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/09/23 02:39:38 | 000,894,976 | ---- | C] () -- \msdia80.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >

#8
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
That wasn't the OTL log I wanted:
Open OTL, click the None button and under Extra Registry select Use Safelist. Press Run Scan (not quick scan) and post the Extras.txt log it will produce.

#9
Snypa86

    Member

  • Topic Starter
  • Member
  • 58 posts
OTL Extras logfile created on: 11/16/2011 2:22:00 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Darron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.94% Memory free
8.17 Gb Paging File | 6.03 Gb Available in Paging File | 73.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.09 Gb Total Space | 127.98 Gb Free Space | 44.89% Space Free | Partition Type: NTFS

Computer Name: DARRON-PC | User Name: Darron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = AA 7A 14 C5 5B 74 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B15FFE-2108-402B-9853-19DAA3CC230F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{021B1104-F71F-42AB-8E47-323E6A61D322}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0314099C-6AF7-4DE0-991D-4B0D75193D52}" = rport=137 | protocol=17 | dir=out | app=system |
"{08BEAE87-FABE-4E3A-8950-87B38D1F906B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0CF67A35-533B-4833-BDD3-21C4591CAEB0}" = lport=137 | protocol=17 | dir=in | app=system |
"{0DA929F5-6881-4C66-9E45-6279ECB56A1F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F86DE79-5A5F-434B-9D0D-1E7C67DAA5B5}" = lport=5358 | protocol=6 | dir=in | app=system |
"{139115CB-2296-42D2-9DCA-CC9EC962ACDB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{17895A0E-F341-4E3B-84A5-D1A3E87AE010}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1B810758-E776-40CA-9712-12FA793B740B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1CF4BCE2-BDE5-4BE7-BDEF-5AF46E4EDC50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D9213DA-84BF-4150-9C05-D1B191313724}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{20780A61-A45B-4762-A5BB-8C8EBF0FEB44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2137462B-0DA2-4C4A-A378-7B4425267FEC}" = lport=3389 | protocol=6 | dir=in | app=system |
"{248C8E20-E080-4648-B1D0-22A2B44C2829}" = lport=10243 | protocol=6 | dir=in | app=system |
"{24CEF6E3-B8DF-4FEA-96EC-625D42EB8332}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{27A2DFAA-DFC2-423A-9F0A-A30709C18B52}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{2890EFB9-A241-425B-B298-03962DDAB392}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2A89AE44-50AC-48B4-BA2B-5FD844560E57}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{2AF200EE-B0A8-4031-AA76-7D2D2C9FB0F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C5EBF0F-EEFD-4DEB-9F60-3C7AE79E8DF2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2DC54562-555A-49A7-8571-2584063A2F2B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{321CF45C-FB3D-4710-9477-A505EBFC5256}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{334FC850-66A9-4C30-851E-C0801B0D5B59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38E17CD5-4F9E-448F-9FBF-7FC9FF6D3BD5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{426EAF7A-14A8-4283-8F48-E12D45B85879}" = lport=138 | protocol=17 | dir=in | app=system |
"{4401E848-3344-4B1B-80B5-6A1014E4127D}" = rport=139 | protocol=6 | dir=out | app=system |
"{45656303-B04D-4196-A186-4CBE2A92FAE3}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{45E65E29-5FDA-48C6-B306-80CEACB54736}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{477CD962-AA21-4CB1-A943-A99E0B8A4E71}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4DB70246-5327-49DF-98CB-CAD3846FEFFB}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{4DFF3CF5-1D47-420C-BA92-BDCE6407E92A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{508C223B-AE19-4F91-B915-9E63489BABEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E685E5F-EA79-48C8-BB69-53DFE4E56725}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{5FBD14C6-80D7-4CFB-9145-A62E5C707DD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6609D21B-3651-4DC2-B907-8C5C39BF998D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{6706BB8D-AC47-45A6-BBBE-1902CAD8AE25}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{68E756B2-F1EB-4BB0-86E1-99FF0BF68F60}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6BE72950-6F1E-4E36-B2A4-C5FF98DB1544}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{6E7647FB-C8B3-4825-9A56-68E3D78FDE84}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E7DF723-85BB-4C0D-8EB6-5FE93C0C59BF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{710739A8-8329-4107-9670-40CBFF3E4167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72DE2855-D23A-4193-BE8F-24FA317AF539}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{739CA016-3CF0-402F-859A-8073B6521F74}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7FD47F7A-234E-4003-92F0-FF811E5BCE77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8307422C-25E6-4397-B096-EDB0272C2CD9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{84B18A51-D185-4C2A-AA4F-A4E0E1CEBEE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93DB5DB4-7A90-4DDB-8EEE-61C42EDC4595}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95E06E35-399B-40BF-BEDD-A037CC795807}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B36E9FD-392A-4669-9E05-F1478F68063C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CF1ACC4-CDCC-47D0-AF47-B76EC2A6C708}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D99BB4F-A96F-464D-BA90-7164D6E819F5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9DF02F27-3F30-4C39-96B1-AA2C668F8514}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{9F8D95BF-469E-4A51-8D78-F9A4E563332C}" = rport=5357 | protocol=6 | dir=out | app=system |
"{A9009FE6-4EC6-4379-A40C-260E7D4ABDBD}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9100C9F-5562-44FB-B300-4AC01F39D81F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{BBA9010E-90F1-412F-96A0-6EF225832C17}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC756DBA-6520-4E12-B678-D2727D062031}" = lport=5357 | protocol=6 | dir=in | app=system |
"{BDB49D24-F75B-44FB-B5D4-8263E218324E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C299F17D-4030-494E-B44B-BF323DFF6439}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4C5C322-A655-42FC-AC1D-62BACA57C09B}" = lport=3389 | protocol=6 | dir=in | app=system |
"{CA237DC3-B686-41B9-B128-FC003E4546E2}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{CDE9C76B-9647-4EFE-A3D7-E0DCA3A11C41}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D087BCE2-C80A-48DE-9338-864F44F51B56}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{D0DB51B3-74D8-46EF-BB7D-52051A234767}" = rport=445 | protocol=6 | dir=out | app=system |
"{D590E172-81BF-4DA7-A62F-764B759A7D14}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDD10982-1A10-45FC-8F22-AC63C5A3182C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4AA8057-B4A9-47B6-90F8-B01477FBC1CB}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F3172FD1-8E57-42EF-AF71-36ADF497F0EB}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{F42DB3FA-5DDA-4B70-A619-8E9F2298A869}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F58036AD-558D-4278-8385-4469B49610D9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F5AE1A06-236F-4F67-84EB-8734CC9C4B5A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{F97F319E-A35D-4BCA-AE2C-25BF38ED6CD7}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FE1DA0C7-A15B-4400-9439-50E6991815EB}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C179A6-F03B-4B05-81CF-A2146226DAE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{01CE030F-F1A5-4172-8C3C-2CECCE5E306D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0F3A0C5F-BAFF-4B68-BF04-2A9836805367}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{1270F721-D155-4C8F-BE27-B684AEC138C4}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{160E4BDA-3742-457D-9648-077A8569B623}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{166EBC0B-0166-4F72-BDC8-524553E1C2F9}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{16777FC4-01F2-4FB6-BB22-C030E65FED28}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17617331-AB4F-420F-BC4F-E06470254486}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{18642A25-F291-4CCB-9ED7-7EE41C445243}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{1F78DFD5-2847-425E-B8E9-F706AEE3D7A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2080810B-EA6D-49E5-BACB-AB4A802CF910}" = protocol=17 | dir=in | app=c:\users\darron\appdata\roaming\mjusbsp\magicjack.exe |
"{20EFE34C-FEC1-4901-9E2C-BEF390C59F8A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark pro800-pro900 series\lxecfax.exe |
"{245CAD69-35AE-4AC5-BF17-3309507F4335}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark pro800-pro900 series\lxecfax.exe |
"{26D28794-FAB7-4607-9C8D-583A3EB5DDCB}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{271F3D2A-8426-42C5-BB50-2B2E28CAB8B1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{31BCD34F-8AFA-4848-8C87-5E22ED02C046}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{33CCD51F-0C17-470F-8557-DB3F86840299}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{352A7DF7-0E94-4459-9E8E-F1F54F478823}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3C7A22D7-BB41-4243-80FB-E244279101A3}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{3D9B968A-703F-4C8B-AF43-14FD0048249E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4634C321-3994-4454-B3D0-6049E66BA83C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{47A67D96-0105-49EB-9EFD-6472BF4CD56A}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{47DC95EA-4E1B-40CB-9607-77F4FA2849FD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{490C8683-EB19-4DD4-A77C-196B30CA6170}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{4BCE8008-A1FF-4960-BC0F-5299F49C10F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C09A8DB-0237-498A-92B1-27B674A63B89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E842090-200C-4EA9-AEDC-151CD59651EC}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{4EDCA9B1-3364-475C-A011-8320C1131D9B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{544C057B-4410-4944-B24D-AD381C552A37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5565551A-5A26-47DA-B95C-353D6ABA1BA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{556E7397-0E6C-427A-8FEB-01BB7EDE4BAE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5AB34945-7476-457E-B4BF-0D9A4A59A1F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B9DFB79-E024-4385-9E50-60CB2C84B47F}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{61CD855D-20C0-4F60-B1B4-C1ED0D944C66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{642B0C0B-DBEC-4D3F-88AF-F1B8F8FFF2CC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6A737E8E-4118-4AB3-BE36-142C834E270D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6EDA3198-25D9-471F-B009-61A112906208}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F3120C1-FDAD-487C-9DB7-61548AE4C23B}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{6F9DF295-7409-48D7-AB6F-E03B2B1E9DED}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{709112AC-2361-40FB-8479-26178872C6F0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{75C68CC2-1211-42D1-80A8-8414C88CF342}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A11E4FE-4BC1-436B-B246-5BDF5C161618}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{7E75672B-8B93-4007-859F-D195CF24959F}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{87335F46-1380-4100-B6CD-9B899DE19D54}" = protocol=6 | dir=in | app=c:\users\darron\appdata\roaming\mjusbsp\magicjack.exe |
"{883864B2-64EE-4F81-B89A-93BEB04AB82F}" = protocol=6 | dir=in | app=c:\users\darron\appdata\roaming\dropbox\bin\dropbox.exe |
"{88F87C94-EC2B-4C95-91D2-72A8D3D3FED9}" = protocol=6 | dir=in | app=c:\users\darron\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8C9F186B-D508-4840-BB1F-F5AAC36976CE}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{955D6BE3-678A-4E1F-9232-ABBCE9D4E37E}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{9D314B7C-5042-4E52-9504-FDF84677DACA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9EE65D6A-A67F-445C-A179-3CCE6CBD2A30}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{9F43FE5D-6C38-4CED-82FF-1B61D193E13B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A00C1928-CBAB-44A3-9B20-9E29F55ED7B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A5142413-1BE8-4735-8E2C-62334A5B603C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A9A88557-3203-4B10-9848-904161549E9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB952511-B06E-4821-9192-5BCCD8FAA636}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{AD06CEB3-E502-4EFE-8F51-20D724858614}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{AD0DA4ED-3404-4831-BC4C-EC4C53761230}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{AD6E9CE5-7C40-4C01-B0A2-C9A203416FA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE0975FE-1303-488C-BEFB-32FA3731859D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{AEACCCB4-2464-46E2-8D89-5105C8A30B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFA02EBA-9CF5-4004-ACC9-43A770272CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{AFADBD2F-1653-4B2E-868A-0318879EFAC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B4711530-71BC-4CFA-9C00-339BAD567643}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B60A42F6-39E0-4BB2-A865-DEA29F17F098}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B93AFC34-F6BE-47FF-BFA7-C53224E0BC22}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BD1844B4-69CA-4A33-81B3-E87F0FA1F5A2}" = dir=in | app=c:\program files (x86)\microsoft garage\mouse without borders\mousewithoutborders.exe |
"{BF1FC969-83DF-44B8-87AC-EC10F85CE422}" = protocol=17 | dir=in | app=c:\users\darron\appdata\roaming\dropbox\bin\dropbox.exe |
"{C1AFD9A0-2966-46EA-9A22-7909ED4CEDF0}" = protocol=6 | dir=out | app=system |
"{C2D0739F-6DD0-48BE-A6D3-5A1457B331BC}" = protocol=6 | dir=in | app=c:\users\darron\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C7055D65-52ED-49B7-9C34-2250511503EF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C946BFF5-C9A8-4D89-9E76-D3F5BB4F276B}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{CA528ACB-5396-41E8-90D7-2A83771C17FF}" = protocol=17 | dir=in | app=c:\users\darron\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D37F65ED-A07F-4BF7-A87B-EA2ADDB1C726}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DE734C00-AC25-4992-9FDF-933EE6507672}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E0983334-D040-4A24-BEAD-B77041F27069}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E66BC075-99D4-4207-A877-5615E828A947}" = protocol=58 | dir=in | [email protected],-148 |
"{EB41BBA1-2DBE-4930-84AF-8490FE80F7AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED3AC355-F454-43C9-AC22-D64A5EA12162}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0A7BB45-2B3E-4741-BA7C-F863FD83BD2C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{F256A8C1-D193-4A1A-A120-9FD17F35CEAA}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{F66D71F0-9A1A-4113-86B6-07A153C1D27F}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{F83B9D58-4E74-4CD1-B9D4-4F31689AC3E8}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FD9E1583-34A8-400F-A401-F5A16ADC2957}" = protocol=17 | dir=in | app=c:\users\darron\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{01C3E9AE-679F-4D65-9E48-439A0A1B8FE1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{1A7AC8A6-CB75-481B-9190-7ECE627BAD1C}C:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"TCP Query User{1C984D8A-3681-4CD2-B527-845095EA37C6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{33657C76-02AF-4F70-9AB8-40C891EE5109}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{3F0E48E0-BD7C-4B81-82EA-378B393FE46A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5CF817E1-5DF7-47C2-9718-61BFA97CC2BE}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{6A0C8E94-0132-4245-85C4-ECC63DAD0732}C:\program files (x86)\winscp\winscp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winscp\winscp.exe |
"TCP Query User{7B6DFDEE-95DF-4E42-BBF1-B7898C95D166}C:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"TCP Query User{843134DB-11AA-4DA7-8C5D-A65F2B5F07D2}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"TCP Query User{A429DCE4-6A09-4EBF-B59A-5FA85C3369E8}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{B1DCE321-273A-4C5C-9EC5-89162E2B43D0}C:\users\darron\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\darron\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{EF8A7AE8-4D70-463A-9642-4E5C7A0BFF47}C:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"UDP Query User{0CC7E521-6891-43D2-A1BB-3B1B2CD1A40F}C:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"UDP Query User{202FBBE9-108D-4AE9-B755-A7B37A896B87}C:\program files\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"UDP Query User{24F54B28-36D6-4963-998E-08D9156D44E3}C:\program files (x86)\winscp\winscp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winscp\winscp.exe |
"UDP Query User{2E0E35C4-2B5B-44C6-B239-726BE33B1C10}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{659F3FE2-26A2-46A4-A8D4-6C86B515FD1E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{757B8B0E-85AC-4AD9-A27F-CA00E950A27D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{892735F8-6052-4E62-A251-EE224184BFD0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{98DDE3F4-009A-4B48-93BA-8A884C075F7F}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{9DE78BFD-7C75-4701-8D1D-8F4AF6B53EBF}C:\users\darron\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\darron\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{CB556571-DE73-48BB-BCE0-9904C312F98A}C:\program files\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"UDP Query User{D063BC66-67C4-44B6-B297-AD966F6D6C60}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"UDP Query User{F38DB023-2FFC-4C2C-8AA6-EEB37219DA75}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3E8DD348-4174-4fe8-8FDC-238AAFBD2488}" = HP Photosmart All-In-One Software 9.0
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}" = Prish Image Resizer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AA45E50C-1447-48CD-9B49-61B82ED1F95C}" = Adobe Photoshop Lightroom 2.3 64-bit
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D7F364C7-D626-85EE-D162-2D4F98B6435C}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DD9DABA7-45CB-4386-AE31-ACC344260FCB}" = NetDeviceManager64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FBF1ACF-D04A-D6E7-D8BC-0FA4B2240ADD}" = Catalyst Control Center Localization Chinese Standard
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12D64CE1-EC3C-5F31-10C1-59E1C75118D0}" = Skins
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C26E2F5-1BD2-A98C-B884-371A14CADA68}" = Catalyst Control Center Core Implementation
"{1C357AB8-42FB-8C16-D85C-182113227C3B}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240FE07E-2A08-DADA-F347-F285E89728FC}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AA05D77-7A32-4D35-9A9E-5DD5469B20DD}" = DecisionTools Suite Industrial 5.5.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3F7948F2-1DD2-1F76-756C-892D2BB6EC60}" = Catalyst Control Center Localization Italian
"{40196CDF-14BB-3513-0992-2CC5FF1A10C9}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{480065EF-6F1D-D076-5B7B-0583B7368F0D}" = Catalyst Control Center Localization German
"{49A69C82-728C-ECEE-0BCF-0636A2778081}" = Rinse
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{520A53E5-7882-4F3C-9C1B-666BBDB44F1B}_is1" = BB Boss OS Shrinker for Blackberry OS version 1.1
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55559ABB-AB08-416F-A227-6319B545AF83}" = VitalSource Bookshelf
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62D62257-AFE9-1B5A-1E2E-B2D3C362F2BF}" = CCC Help Spanish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C4BA523-0741-A046-6FB5-3E2AD1B04D63}" = CCC Help German
"{6E0C614F-C661-5927-7A2A-C8C1460AF978}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F15E73A-DB15-A9CA-CDCD-C8779F43D4A9}" = Catalyst Control Center Graphics Light
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95EA8E8F-E947-9811-31F0-923F0BAB543B}" = Catalyst Control Center Localization Portuguese
"{97ABE6F8-CB59-EA31-DA82-F2E67C84E9DD}" = CCC Help English
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE7ACE9F-C729-8CB0-F117-BAC5462C67AF}" = ccc-core-static
"{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1" = PDFTigerDriver
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5C8ABD5-7AA8-181F-18AC-B7551D65325E}" = Catalyst Control Center Localization French
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CBAAFFD7-1BC7-EBBD-9ACC-F615E2CB3A9D}" = CCC Help Portuguese
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2998E9F-DDCB-71F0-887B-BD4D6709EB1B}" = Catalyst Control Center Graphics Full New
"{D3BC954F-D661-474C-B367-30EB6E56542E}" = Microsoft Garage Mouse without Borders
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DABDC72A-7C98-502A-1649-7B81AE79085C}" = CCC Help Chinese Standard
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE252510-5687-4C60-A705-C43E19F12C9D}_is1" = PDFTiger Kernel
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFA89221-6DFA-9DA7-0F83-ECF5121F6877}" = Catalyst Control Center Localization Japanese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}" = BBSAK
"{E3D8E791-E417-466F-8371-D61CB6589D7B}_is1" = Black Berry phone info Reader
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E671920A-7534-D05E-F33C-3D566EAA1F93}" = Catalyst Control Center Localization Spanish
"{E79E2417-00F8-9EDE-60C7-D6887F42BD85}" = Catalyst Control Center Graphics Previews Vista
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FD1E77D4-327F-4E24-9240-C82902068033}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9780 smartphone
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC2B2AE-5695-ABA9-D0BF-185573515CFF}" = CCC Help Italian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced 9.25
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BlackBerry_{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"Duplicate Finder - Free Edition_is1" = Duplicate Finder v4.1.0.4
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome Frame" = Google Chrome Frame
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"myibay eBay bid sniper_is1" = myibay eBay bid sniper 1.0.40
"MyScribe" = MyScribe
"nLite_is1" = nLite 1.4.9.1
"PDFTiger_is1" = PDFTiger
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2
"Recover My Files_is1" = Recover My Files
"Videora iPad Converter" = Videora iPad Converter 6
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.9
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2011 6:15:57 PM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/16/2011 11:53:16 AM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/16/2011 7:45:16 PM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/19/2011 2:24:50 AM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/19/2011 3:26:10 AM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/21/2011 2:21:15 PM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/23/2011 2:07:46 AM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2011 12:16:43 AM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/25/2011 12:17:23 AM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/26/2011 11:40:13 PM | Computer Name = Darron-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 11/1/2010 4:31:03 PM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/5/2010 4:37:19 PM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/14/2011 9:29:31 PM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/28/2011 12:59:42 PM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/10/2011 1:43:58 PM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/13/2011 10:49:45 PM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/14/2011 12:12:52 AM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/14/2011 12:51:38 AM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/14/2011 2:26:10 AM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/8/2011 6:51:20 PM | Computer Name = Darron-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 11/16/2011 1:48:42 PM | Computer Name = Darron-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/16/2011 1:52:55 PM | Computer Name = Darron-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/16/2011 1:53:09 PM | Computer Name = Darron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/16/2011 1:55:44 PM | Computer Name = Darron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/16/2011 1:55:44 PM | Computer Name = Darron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/16/2011 1:55:44 PM | Computer Name = Darron-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/16/2011 1:55:44 PM | Computer Name = Darron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/16/2011 1:55:44 PM | Computer Name = Darron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/16/2011 1:55:50 PM | Computer Name = Darron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/16/2011 1:56:32 PM | Computer Name = Darron-PC | Source = DCOM | ID = 10016
Description =


< End of report >

#10
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Open up MBAM and go to the quarantine folder. Tell me what it writes there.

A false positive means that the scanner detected a file that is legit.

Next:

1 - Flash Drive Disinfector

  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKU\S-1-5-21-2670984328-1985135284-1998418574-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTo1.dll File not found
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\AutoRun\command - "" = system32/rundll.exe
    O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\explore\command - "" = system32/rundll.exe
    O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\open\command - "" = system32/rundll.exe
    O33 - MountPoints2\{0dbb1dbb-3c43-11e0-891d-000325249fb5}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
    O33 - MountPoints2\{0dbb1dbb-3c43-11e0-891d-000325249fb5}\Shell\slacker\command - "" = slacker.synclauncher.exe
    O33 - MountPoints2\{4b662107-374f-11df-b314-000325249fb5}\Shell\AutoRun\command - "" = E:\setup.exe
    O33 - MountPoints2\{644024eb-1cda-11e0-b2bf-000325249fb5}\Shell - "" = AutoRun
    O33 - MountPoints2\{644024eb-1cda-11e0-b2bf-000325249fb5}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\{6e48f5db-eb71-11de-8dee-000325249fb5}\Shell - "" = AutoRun
    O33 - MountPoints2\{6e48f5db-eb71-11de-8dee-000325249fb5}\Shell\AutoRun\command - "" = E:\Autorun.exe
    O33 - MountPoints2\{9859a7ad-ffe4-11de-8779-000325249fb5}\Shell\AutoRun\command - "" = E:\setupSNK.exe
    O33 - MountPoints2\{ceb010ce-75b3-11df-af2a-000325249fb5}\Shell - "" = AutoRun
    O33 - MountPoints2\{ceb010ce-75b3-11df-af2a-000325249fb5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{ceb012cb-75b3-11df-af2a-000325249fb5}\Shell - "" = AutoRun
    O33 - MountPoints2\{ceb012cb-75b3-11df-af2a-000325249fb5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{e4de14e3-2121-11df-95fa-000325249fb5}\Shell\AutoRun\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe
    O33 - MountPoints2\{e4de14e3-2121-11df-95fa-000325249fb5}\Shell\Install\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe
    O33 - MountPoints2\{fc1fbd0d-9cc6-11df-9164-000325249fb5}\Shell\AutoRun\command - "" = setup.exe
    MsConfig:64bit - StartUpReg: newsecureapp70700.exe - hkey= - key= - File not found
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    :Services

    :Reg

    :Files
    netsh firewall reset /c

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\Users\Darron\AppData\Roaming\Rock\*.* /s
    /md5start
    termsrv.dll
    /md5stop

  • Click the Quick Scan button. Post the log it produces in your next reply.


Next:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post

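The O33 lines in the fix script above are cached AutoRun commands that Windows stores per volume under the MountPoints2 registry key. As an added example (not part of michaelg9's post and not OTL's own code), this Python script parses those lines, copied from the post, groups them by volume GUID and lists the commands that carry no drive letter so they can be reviewed by hand; the function names and the `MOUNTPOINTS2` constant are this example's own.

```python
import re
from collections import defaultdict

# Standard per-user location of the cached AutoRun data that OTL reports as O33.
MOUNTPOINTS2 = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

# O33 lines copied from the :OTL section of the fix script in the post above.
SAMPLE = r'''
O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\AutoRun\command - "" = system32/rundll.exe
O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\explore\command - "" = system32/rundll.exe
O33 - MountPoints2\{08d16289-dc44-11de-be66-000325249fb5}\Shell\open\command - "" = system32/rundll.exe
O33 - MountPoints2\{0dbb1dbb-3c43-11e0-891d-000325249fb5}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{0dbb1dbb-3c43-11e0-891d-000325249fb5}\Shell\slacker\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{4b662107-374f-11df-b314-000325249fb5}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{644024eb-1cda-11e0-b2bf-000325249fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{644024eb-1cda-11e0-b2bf-000325249fb5}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{6e48f5db-eb71-11de-8dee-000325249fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{6e48f5db-eb71-11de-8dee-000325249fb5}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{9859a7ad-ffe4-11de-8779-000325249fb5}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{ceb010ce-75b3-11df-af2a-000325249fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb010ce-75b3-11df-af2a-000325249fb5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ceb012cb-75b3-11df-af2a-000325249fb5}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb012cb-75b3-11df-af2a-000325249fb5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e4de14e3-2121-11df-95fa-000325249fb5}\Shell\AutoRun\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{e4de14e3-2121-11df-95fa-000325249fb5}\Shell\Install\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{fc1fbd0d-9cc6-11df-9164-000325249fb5}\Shell\AutoRun\command - "" = setup.exe
'''

# Two line shapes occur: "...\Shell - "" = <default verb>" and
# "...\Shell\<verb>\command - "" = <command line>".
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>\{[0-9a-fA-F-]{36}\})\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)? - "(?P<name>[^"]*)" = (?P<data>.*)$'
)
DRIVE_ROOTED = re.compile(r'^[A-Za-z]:\\')


def parse_o33(text):
    """Return one dict per O33 line; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        match = O33_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def by_volume(entries):
    """Group entries by volume GUID: default shell verb plus verb -> command."""
    volumes = defaultdict(lambda: {"default_verb": None, "commands": {}})
    for entry in entries:
        record = volumes[entry["volume"].lower()]
        if entry["verb"] is None:
            record["default_verb"] = entry["data"]
        else:
            record["commands"][entry["verb"]] = entry["data"]
    return dict(volumes)


def unrooted_commands(volumes):
    """List (volume, verb, command) where the command has no drive-letter root.

    Such a command cannot be tied to a specific drive from the log line alone,
    so it is listed for manual review rather than judged here.
    """
    found = []
    for volume, record in sorted(volumes.items()):
        for verb, command in sorted(record["commands"].items()):
            if not DRIVE_ROOTED.match(command):
                found.append((volume, verb, command))
    return found


def registry_key(volume):
    """Full registry path of a volume's cached entry, for inspection or export."""
    return MOUNTPOINTS2 + "\\" + volume


if __name__ == "__main__":
    grouped = by_volume(parse_o33(SAMPLE))
    print(f"{len(grouped)} volumes with cached AutoRun data")
    for volume, verb, command in unrooted_commands(grouped):
        print(f"review: {registry_key(volume)} [{verb}] -> {command}")
```
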


#11
Snypa86

    Member

  • Topic Starter
  • Member
  • 58 posts
Two things: the USB software didn't want to run, not even when I right-clicked and chose "run as admin". Secondly, the Kaspersky scan seemed to have stopped and hung the computer at 47% twice today. The second time when it reached 47%, I decided to time it to see how long it would take before it passed that number. 2.5 hrs later, it was at the same place. I tried navigating through the computer (start programs etc.) and everything hung, the same behavior that led me to start this thread originally. The file that it stopped at was called "mstsc.exe".
The log that OTL produced is below and I also included a snapshot of the file and location where the "hanging" began. I also realized that when I forced the computer to shut down and restart, as soon as it reached the desktop it began installing Kaspersky, which I had already done.


OTL logfile created on: 11/17/2011 12:29:25 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Darron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.28% Memory free
8.17 Gb Paging File | 6.22 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.09 Gb Total Space | 119.90 Gb Free Space | 42.06% Space Free | Partition Type: NTFS

Computer Name: DARRON-PC | User Name: Darron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 09:22:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Darron\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/02 09:48:08 | 000,216,064 | ---- | M] (DDHelper) -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
PRC - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 22:02:56 | 000,420,920 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll
MOD - [2011/11/07 22:02:55 | 003,702,840 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/07 22:01:20 | 000,122,952 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/07 22:01:19 | 000,222,280 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/07 22:01:17 | 001,746,504 | ---- | M] () -- C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/05/27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009/03/09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/04/14 14:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/04/14 14:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2009/06/25 22:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/07/16 13:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/29 08:24:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/08/31 16:34:02 | 000,017,920 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe -- (MouseWithoutBordersSvc)
SRV - [2010/04/14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeccoms.exe -- (lxec_device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/11 14:22:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/04 15:26:34 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/04 03:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/06/04 22:13:44 | 000,867,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/10/07 07:11:50 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwLv64.sys -- (NETwLv64) Intel®
DRV:64bit: - [2010/07/20 05:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/07/20 05:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010/07/20 05:38:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/07/20 05:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/30 09:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/25 23:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/04 03:40:46 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/10/15 08:57:50 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/10/15 08:53:44 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/10/15 08:52:24 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/03 19:57:26 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2007/10/30 21:44:38 | 003,197,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/30 02:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/07/26 20:50:24 | 000,391,680 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/04/23 13:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/23 13:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115obex.sys -- (s115obex)
DRV:64bit: - [2007/04/23 13:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007/04/23 13:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007/04/23 13:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV:64bit: - [2006/11/17 01:22:06 | 000,297,272 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/06/14 12:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/07/16 12:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2004/07/14 11:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=0709&m=m-6888u
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...=0709&m=m-6888u
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Darron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Darron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2009/10/15 11:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darron\AppData\Roaming\Mozilla\Extensions
[2009/10/15 11:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darron\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Darron\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Darron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Chrome Refresh = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn\1.7_0\
CHR - Extension: Brushed = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: Air Transporter 3D = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadmcjlkjdnbjcdldpfhakfmfedgadjh\1.0.3_0\
CHR - Extension: TiltShiftMaker = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.2_0\
CHR - Extension: Auto HD for YouTube = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaielpkecabnggniojjhghggjedkecfj\2.5_0\
CHR - Extension: InvisibleHand = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.3.14_0\
CHR - Extension: Jobs Aggregator = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkdpojefipfdjcihiigpabeofdhgfmo\1.1_0\
CHR - Extension: Webpages CSS Styler = C:\Users\Darron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkhlepfbkdbmiogammhjnibakamiehg\1.9.1_0\

O1 HOSTS File: ([2011/11/16 12:55:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Users\Darron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Darron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: DOWNLOADWITH - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: DOWNLOADWITH - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152FC9C2-BCAE-427D-A325-2A710891001B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA007C9-AB9C-470E-B19A-76AC652BD1CB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43AEFF13-4E04-4A60-9DE8-BF66552EF0B7}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cf - No CLSID value found
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Darron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Darron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 12:33:13 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{11772946-5210-4C8C-8822-5594B9A04D5B}
[2011/11/17 12:33:01 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{4D2BBBEF-9913-413B-A382-61CD70695C79}
[2011/11/17 12:17:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/17 12:17:30 | 000,000,000 | ---D | C] -- \_OTL
[2011/11/16 23:12:01 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9372FFAB-E6E3-4F55-8BF1-D0A7AABBEC69}
[2011/11/16 23:11:38 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{19105E37-785C-42BE-A95C-5DEA04721752}
[2011/11/16 13:30:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/16 13:30:45 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2011/11/16 13:08:20 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\temp
[2011/11/16 12:25:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/16 12:25:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/16 12:25:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/16 12:25:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/16 12:25:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/16 12:25:38 | 000,000,000 | ---D | C] -- \Qoobox
[2011/11/16 12:23:02 | 004,296,444 | R--- | C] (Swearware) -- C:\Users\Darron\Desktop\ComboFix.exe
[2011/11/16 11:11:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{968E812D-C826-4210-9C86-AEF3D9DB5CBA}
[2011/11/16 11:10:55 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{17C3BFF5-2083-4E03-AAFC-B306F99F777F}
[2011/11/15 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{3ED27406-13B9-45A9-9758-CA32217BCCAF}
[2011/11/15 19:36:35 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B90D6854-7E7F-4603-A193-F47DA1BADFD9}
[2011/11/15 10:11:27 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Darron\Desktop\aswMBR.exe
[2011/11/15 09:22:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
[2011/11/15 07:35:56 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2AC54AD9-5E59-4509-9F4C-A9DA5D8BF6AD}
[2011/11/15 07:35:46 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0EA39C71-CFE1-4356-BCE6-B06ACE8FE62E}
[2011/11/14 13:34:12 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{465A9AFE-D4C7-4C9F-BC84-9A8C25F22CD9}
[2011/11/14 13:33:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FBC9C177-8A6D-48FE-A2B6-C5FBEC7BA715}
[2011/11/14 01:33:36 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DDB63B26-4F8E-4305-937A-9E7E671DB46B}
[2011/11/14 01:33:13 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A44C19B7-C506-4367-AF3D-182966FCBD01}
[2011/11/13 13:33:01 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{4D2C5984-387A-4F11-BF86-96054B9F39C4}
[2011/11/13 13:32:35 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DC2A9E16-90F4-4CDB-8FEB-C68B830A1941}
[2011/11/12 14:01:10 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8A47663F-6683-437C-B76A-CE9CE061F489}
[2011/11/12 14:00:47 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FEF24643-6407-4BCF-A017-88E1F543D31E}
[2011/11/12 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F0CF85B7-A2F5-4311-B5AD-3EFE6BD52D31}
[2011/11/12 02:00:11 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{34303754-D6BC-4285-9E28-1FA41833EC01}
[2011/11/11 13:59:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7DF6A279-D76A-499D-8D03-4C8A17FCB972}
[2011/11/11 13:59:18 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0B383D6D-5CB6-4387-A669-D7C05976C7D9}
[2011/11/11 01:59:02 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9AF3E265-8EBB-4490-B396-D9FC0EE2E6D6}
[2011/11/11 01:58:39 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CCBAC2F6-F556-4A15-9665-EFFA8357C334}
[2011/11/10 13:58:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FFC46D14-E72C-4C41-BB8A-184508A0E829}
[2011/11/10 13:57:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{480DF76D-3C13-4221-B765-52608BFBF9F5}
[2011/11/09 13:05:12 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{DDB1D389-BB7C-4950-B095-B7EFC651621B}
[2011/11/09 13:04:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{FF316FDC-100A-445A-984A-490001B2BEC6}
[2011/11/09 01:04:19 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{83ED5959-6BB6-4903-8718-2B9021F1CD76}
[2011/11/09 01:03:56 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{964B69C7-49AD-4143-96BF-7FEC223E842D}
[2011/11/08 13:03:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2E95747F-6534-41FC-A6B5-990BAB7C3965}
[2011/11/08 13:03:08 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{EE5A2701-C7B4-4DD6-AEDC-1A5B0BA1F9B6}
[2011/11/08 01:02:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7C142703-54D7-44D6-884B-1179BBC3F45E}
[2011/11/08 01:02:07 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{53C8D488-264A-421E-876F-A9C60C18B5E6}
[2011/11/07 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{34104D89-097B-4DD7-B115-B6B17D2615C3}
[2011/11/07 11:28:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B7E9034F-9CEE-4CB8-A9D7-C751E5AEBE45}
[2011/11/06 01:58:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0C76A9C8-9C0C-437A-B044-9954A8A68A92}
[2011/11/06 01:58:03 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{810C32ED-5D85-44D6-87C7-01F942D9181B}
[2011/11/06 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/06 00:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/06 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/06 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/06 00:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/11/06 00:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/06 00:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/05 15:57:46 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\uTorrent
[2011/11/05 09:39:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{BB053754-3A5C-43E9-9E33-C7A289873AEF}
[2011/11/05 09:38:52 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{EBA86BD4-E3E6-41DA-959F-9742875C717E}
[2011/11/04 09:56:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E02FA0D5-A21C-4A98-8C55-29AC99FFD064}
[2011/11/04 09:56:06 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{BD4EEED1-A2F8-4803-9B3E-C0E4C511362F}
[2011/11/03 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B0F79C27-D8E8-4138-B249-054599EC0A15}
[2011/11/03 16:18:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B98D4B05-C03B-418F-9256-71A761D14FF0}
[2011/11/02 16:47:15 | 000,000,000 | ---D | C] -- C:\Users\Darron\Desktop\Business Plan Stuff
[2011/11/02 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{246A2DA1-1486-471B-832C-EBB6F059ED07}
[2011/11/02 13:45:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{7BE1E65A-2CAB-45B9-A38F-2A157350D901}
[2011/11/01 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9181B2C0-441C-4D43-BE22-76E0BAED0CDF}
[2011/11/01 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{3CC4EDFF-A472-4535-BBCC-91642A80A7BD}
[2011/11/01 10:48:00 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{05E033E5-84E3-44F5-8837-982188E59538}
[2011/11/01 10:47:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D1D262AE-37C9-44C3-B9CE-4F8BBE8BCAA9}
[2011/10/31 12:10:45 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E689F3E7-B9E0-460F-87E9-7467F0E66A60}
[2011/10/31 12:10:22 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2C5D4D5F-C119-4E63-BA53-CA7D8B4F8F16}
[2011/10/31 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6A2935E8-E00D-47E8-AF7C-DA4AB694F75A}
[2011/10/31 00:09:30 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6CF9EFBE-6730-4386-B492-853127422F0B}
[2011/10/30 18:57:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\Adobe Mini Bridge CS5
[2011/10/30 18:57:25 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/30 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{15340787-FC05-45B5-9BB7-DD73EB9764CB}
[2011/10/30 12:08:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C8951910-095D-4DB5-9568-EF776736F110}
[2011/10/29 00:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/29 00:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/28 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CE7CB349-4765-4CEE-83F5-D0180D28F972}
[2011/10/28 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F309E9BC-D4E0-4B2F-A784-51677F70A4FB}
[2011/10/27 21:42:16 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B4E4FDB8-67ED-4926-8508-D8D777E08A42}
[2011/10/27 21:41:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{B63936F8-BEBF-4AAC-8947-705BC9B0E6F6}
[2011/10/27 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CE6F150E-7164-4F8A-8A88-1B158EBE4C76}
[2011/10/27 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{78C73CC4-D3A7-4ABB-8029-CCA7EC75FBF8}
[2011/10/26 12:33:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{0DDB97C2-446D-4D1F-9955-905BE9B9B8F0}
[2011/10/26 12:33:29 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{9D2895F6-B307-45A8-9738-367965F4CBAE}
[2011/10/26 00:33:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{CDF3CB39-8B24-4D5B-86C0-146CD54A00A0}
[2011/10/26 00:32:42 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C4C589BB-4950-4853-8395-732DEBB4D7DA}
[2011/10/25 12:32:13 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8258FBA0-AE74-43A1-B966-FED84A212E82}
[2011/10/25 12:31:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{F03A8CC7-5A8B-4A09-827C-EE219520B2FA}
[2011/10/25 00:27:06 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{27B62B40-37EB-483F-AEB0-0A0077961BF6}
[2011/10/25 00:26:45 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D30F1474-BFE7-4E6F-B24B-D652ABBCD0A2}
[2011/10/24 12:26:18 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{323E3C57-6CBE-4785-BFE1-3EC98C002F23}
[2011/10/24 12:25:55 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{64118495-C7B4-4CC7-86BC-C540C3C7C063}
[2011/10/24 00:25:27 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{06DEEF85-5963-4113-8370-10C73B4167B2}
[2011/10/24 00:25:04 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2A821AE1-9A25-454D-8EC8-20A689F17823}
[2011/10/23 00:36:37 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6C8E3CB5-6FD0-49C7-ADC7-4BD76AD7EB92}
[2011/10/23 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{75A37005-4C45-4307-8829-3BD8FC7783FA}
[2011/10/23 00:19:48 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A29593BD-F0A1-4504-A98F-DBD86C130E70}
[2011/10/22 01:21:16 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{D3AF19A5-4200-406F-BCC7-ADE721C574D7}
[2011/10/22 01:20:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{03BEEF89-8F5F-49A3-BDC5-80BA7979987C}
[2011/10/21 12:05:14 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{06F48808-A92E-4D1E-8D4C-0256A1B2A4E1}
[2011/10/21 12:04:50 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{E80F142C-1F8A-4AD9-97AF-06C13A87F056}
[2011/10/20 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{C411A526-79D5-46A9-B778-B51AFBCDA111}
[2011/10/20 23:11:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{A2AD2D41-D9DF-4F39-BE47-8CC404CEEDE0}
[2011/10/20 15:04:57 | 000,000,000 | ---D | C] -- C:\Users\Darron\Desktop\Associate Resumes
[2011/10/20 05:52:19 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{4B379C27-2422-4BD0-90F7-5300F58F3FD7}
[2011/10/20 05:52:00 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{744CB5B6-3FEB-4449-AC68-AF9814520C90}
[2011/10/19 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{2780C695-86CF-466F-986D-98B7879DEE1F}
[2011/10/19 15:24:05 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{6DB94E99-8E72-4467-AB89-4DDF23464746}
[2011/10/18 23:49:53 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{8C51455C-3E6E-415F-8D04-B25B54C65C28}
[2011/10/18 23:49:30 | 000,000,000 | ---D | C] -- C:\Users\Darron\AppData\Local\{099CC810-0A4F-47B4-BA72-20EB9CFDAC69}
[2011/07/05 15:08:06 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011/07/05 15:08:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011/07/05 15:08:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011/07/05 15:08:06 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011/07/05 15:08:05 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011/07/05 15:08:05 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011/07/05 15:08:05 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011/07/05 15:08:05 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011/07/05 15:08:05 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011/07/05 15:08:05 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011/07/05 15:08:05 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011/07/05 15:08:05 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2009/11/13 09:05:59 | 021,044,640 | ---- | C] (Sage Software ) -- C:\Users\Darron\AppData\Roaming\ACT1200HotFix_SS.exe

========== Files - Modified Within 30 Days ==========

[2011/11/17 12:36:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2670984328-1985135284-1998418574-1000UA.job
[2011/11/17 12:30:16 | 000,768,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/17 12:30:16 | 000,651,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/17 12:30:16 | 000,121,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/17 12:27:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/17 12:23:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011/11/17 12:23:25 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 12:23:25 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 12:23:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/17 12:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 10:01:37 | 000,132,597 | ---- | M] () -- C:\Users\Darron\Desktop\Flash_Disinfector (1).exe
[2011/11/17 09:48:15 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2670984328-1985135284-1998418574-1000Core.job
[2011/11/17 09:41:58 | 000,132,597 | ---- | M] () -- C:\Users\Darron\Desktop\Flash_Disinfector.exe
[2011/11/17 09:41:37 | 000,206,951 | ---- | M] () -- C:\Users\Darron\Desktop\Capture.JPG
[2011/11/16 17:20:40 | 000,187,632 | ---- | M] () -- C:\Users\Darron\Desktop\IMG-20111103-00106-1.jpg
[2011/11/16 13:31:48 | 000,008,926 | ---- | M] () -- C:\Users\Darron\Desktop\Label.png
[2011/11/16 12:55:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/16 12:23:03 | 004,296,444 | R--- | M] (Swearware) -- C:\Users\Darron\Desktop\ComboFix.exe
[2011/11/16 11:39:20 | 000,080,384 | ---- | M] () -- C:\Users\Darron\Desktop\MBRCheck.exe
[2011/11/15 10:11:34 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Darron\Desktop\aswMBR.exe
[2011/11/15 09:22:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Darron\Desktop\OTL.exe
[2011/11/15 01:43:43 | 003,193,190 | ---- | M] () -- C:\Users\Darron\Desktop\Southwern Wine & Spirits career.pdf
[2011/11/09 14:16:53 | 000,009,267 | ---- | M] () -- C:\Users\Darron\Desktop\try.jpg
[2011/11/09 14:11:45 | 000,003,110 | ---- | M] () -- C:\Users\Darron\Desktop\barcode-image.jpg
[2011/11/08 18:33:43 | 000,210,432 | ---- | M] () -- C:\Users\Darron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 17:10:15 | 000,074,074 | ---- | M] () -- C:\Users\Darron\Desktop\Google Trends.JPG
[2011/11/07 19:58:26 | 000,061,924 | ---- | M] () -- C:\Users\Darron\Desktop\IMG_2671.jpg
[2011/11/04 16:27:00 | 000,035,938 | ---- | M] () -- C:\Users\Darron\Desktop\Darron's Resume ves2.pdf
[2011/11/02 18:31:31 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2011/11/02 15:13:11 | 000,009,924 | ---- | M] () -- C:\Users\Darron\Desktop\business-plan1.jpg
[2011/11/01 13:54:59 | 004,922,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/01 11:43:31 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
[2011/10/29 00:29:57 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 01:09:25 | 000,002,393 | ---- | M] () -- C:\Users\Darron\Desktop\BBSAK.lnk

========== Files Created - No Company Name ==========

[2011/11/17 10:01:39 | 000,132,597 | ---- | C] () -- C:\Users\Darron\Desktop\Flash_Disinfector (1).exe
[2011/11/17 09:42:00 | 000,132,597 | ---- | C] () -- C:\Users\Darron\Desktop\Flash_Disinfector.exe
[2011/11/17 09:41:35 | 000,206,951 | ---- | C] () -- C:\Users\Darron\Desktop\Capture.JPG
[2011/11/16 17:20:46 | 000,187,632 | ---- | C] () -- C:\Users\Darron\Desktop\IMG-20111103-00106-1.jpg
[2011/11/16 12:25:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/16 12:25:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/16 12:25:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/16 12:25:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/16 12:25:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 11:38:47 | 000,080,384 | ---- | C] () -- C:\Users\Darron\Desktop\MBRCheck.exe
[2011/11/15 01:44:05 | 003,193,190 | ---- | C] () -- C:\Users\Darron\Desktop\Southwern Wine & Spirits career.pdf
[2011/11/09 14:16:53 | 000,009,267 | ---- | C] () -- C:\Users\Darron\Desktop\try.jpg
[2011/11/09 14:11:53 | 000,003,110 | ---- | C] () -- C:\Users\Darron\Desktop\barcode-image.jpg
[2011/11/08 17:10:13 | 000,074,074 | ---- | C] () -- C:\Users\Darron\Desktop\Google Trends.JPG
[2011/11/07 19:58:31 | 000,061,924 | ---- | C] () -- C:\Users\Darron\Desktop\IMG_2671.jpg
[2011/11/04 16:27:10 | 000,035,938 | ---- | C] () -- C:\Users\Darron\Desktop\Darron's Resume ves2.pdf
[2011/11/04 11:32:21 | 000,008,926 | ---- | C] () -- C:\Users\Darron\Desktop\Label.png
[2011/11/02 15:13:19 | 000,009,924 | ---- | C] () -- C:\Users\Darron\Desktop\business-plan1.jpg
[2011/10/29 00:29:57 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/18 23:59:19 | 073,044,420 | ---- | C] () -- C:\Users\Darron\Documents\New Book1.psd
[2011/10/05 16:23:08 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\W32mkrc.dll
[2011/10/05 16:23:07 | 000,038,400 | ---- | C] () -- C:\Windows\SysWow64\OC25JPN.DLL
[2011/10/05 16:23:06 | 000,014,256 | ---- | C] () -- C:\Windows\SysWow64\VAJP2.DLL
[2011/10/05 16:22:58 | 000,000,255 | ---- | C] () -- C:\Windows\NSFASTW.INI
[2011/10/05 14:19:14 | 000,002,048 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\A&I Book Creator Prefs
[2011/09/28 10:53:41 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2011/07/28 11:29:00 | 000,001,332 | ---- | C] () -- \initdb526.ora
[2011/07/27 17:13:57 | 000,001,397 | ---- | C] () -- \newinitDB504.ora
[2011/07/27 17:13:57 | 000,001,332 | ---- | C] () -- \initfile.ora
[2011/07/05 15:08:06 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011/07/05 15:08:06 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011/07/05 15:08:06 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011/07/05 15:08:06 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011/07/05 15:08:06 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011/07/05 15:08:06 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011/07/05 15:08:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011/07/05 15:08:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011/07/05 15:04:49 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011/07/05 15:04:48 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011/02/22 00:42:43 | 000,000,600 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\winscp.rnd
[2011/02/14 03:32:58 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/02/14 03:32:09 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/14 03:32:01 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/02/14 03:32:01 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/14 03:32:01 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/14 03:31:54 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/02 13:41:22 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010/10/15 02:07:05 | 000,000,701 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\init.dll
[2010/10/15 02:07:05 | 000,000,006 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\SYSTEM32.dll
[2010/10/15 02:06:54 | 000,000,701 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\sound.dll
[2010/10/15 02:05:09 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/10/13 21:52:46 | 000,001,456 | ---- | C] () -- C:\Users\Darron\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/12 18:09:28 | 000,000,132 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/16 13:17:23 | 000,000,732 | ---- | C] () -- C:\Users\Darron\AppData\Local\d3d9caps64.dat
[2009/12/08 14:10:45 | 000,130,503 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009/12/08 14:10:45 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2009/12/08 14:10:38 | 000,355,416 | ---- | C] () -- \hpzids40.dll
[2009/12/03 12:43:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 12:42:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 12:41:05 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/13 09:11:25 | 000,787,200 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/26 20:18:09 | 000,026,311 | ---- | C] () -- C:\Users\Darron\AppData\Roaming\UserTile.png
[2009/10/24 15:06:39 | 000,000,256 | ---- | C] () -- \pool.bin
[2009/10/22 19:28:33 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/10/14 22:14:47 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2009/10/11 16:19:14 | 000,000,268 | RH-- | C] () -- C:\Users\Darron\AppData\Roaming\Rock
[2009/10/10 20:39:53 | 000,001,356 | ---- | C] () -- C:\Users\Darron\AppData\Local\d3d9caps.dat
[2009/10/10 14:37:19 | 000,210,432 | ---- | C] () -- C:\Users\Darron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 00:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/03/04 13:53:58 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/04 13:09:41 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2009/03/04 13:09:40 | 000,333,257 | RHS- | C] () -- \bootmgr
[2009/03/04 13:06:36 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/07 21:03:36 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\REWCACHE.DAT
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/09/23 02:39:38 | 000,894,976 | ---- | C] () -- \msdia80.dll

========== LOP Check ==========

[2009/11/17 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\.myibay
[2011/10/05 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\A&I Book Creator
[2009/11/13 09:05:40 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\ACT
[2011/01/09 00:32:44 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Ashampoo
[2011/03/03 16:53:02 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/17 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Dropbox
[2011/05/29 12:56:31 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\DRPSu
[2011/09/09 03:51:25 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\F6F31246D56317A2310463B7840217AF
[2009/10/30 11:51:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\GARMIN
[2011/06/29 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\GetRightToGo
[2011/07/02 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\HandBrake
[2011/06/27 19:36:54 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\HDRsoft
[2011/07/05 18:59:23 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\ICAClient
[2009/11/13 09:19:26 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\IsolatedStorage
[2009/12/22 02:04:15 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Mipony
[2010/07/24 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\mjusbsp
[2010/10/25 13:17:13 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\MyScribe
[2009/10/14 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Nikon
[2010/01/12 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\OxelonMC
[2009/11/03 12:41:07 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\PeerNetworking
[2010/11/16 14:03:49 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Prish
[2011/07/14 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Pro800-Pro900 Series
[2010/10/09 12:15:30 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\QuickScan
[2011/06/29 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Red Kawa
[2010/11/17 12:27:21 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Research In Motion
[2011/08/12 01:07:55 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\rinsebyreal
[2011/09/28 10:53:24 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Softouch
[2011/08/17 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Solveig Multimedia
[2011/10/30 18:57:25 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/02/02 01:15:09 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\SWiSH Max3
[2011/11/11 19:00:59 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\uTorrent
[2011/02/18 13:48:05 | 000,000,000 | ---D | M] -- C:\Users\Darron\AppData\Roaming\Windows Live Writer
[2011/11/17 12:20:48 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Users\Darron\AppData\Roaming\Rock\*.* /s >


< MD5 for: TERMSRV.DLL >
[2008/02/17 22:06:54 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=53AE63B98BB1C3D7F6A2D70BDD12D5D5 -- C:\Windows\SysNative\termsrv.dll
[2008/02/17 22:06:54 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=53AE63B98BB1C3D7F6A2D70BDD12D5D5 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_eca9565809c353e4\termsrv.dll
[2008/01/20 21:48:12 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=F870A5589D6A94B426EFB13689023946 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_eabddd4c0ca18898\termsrv.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >


Edited by Snypa86, 17 November 2011 - 09:28 PM.

  • 0

#12
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Skip AVP scan and follow the AVP Analysis part:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Windows\SysNative\termsrv.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#13
Snypa86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Clipboard Contents below:


VirSCAN.org Scanned Report :
Scanned time : 2011/11/20 14:28:17 (CST)
Scanner results: Scanners did not find malware!
File Name : termsrv.dll
File Size : 546816 byte
File Type : PE32+ executable for MS Windows (DLL) (console)
MD5 : 53ae63b98bb1c3d7f6a2d70bdd12d5d5
SHA1 : de27d052472ac417542866963fe39bb34dcc4b17
Online report : http://r.virscan.org...ad85cff8553573a

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111120130218 2011-11-20 3.56 -
AhnLab V3 2011.11.19.00 2011.11.19 2011-11-19 15.66 -
AntiVir 8.2.6.116 7.11.17.231 2011-11-18 0.27 -
Antiy 2.0.18 20111120.14290528 2011-11-20 0.02 -
Arcavir 2011 201111190120 2011-11-19 3.11 -
Authentium 5.1.1 201111191819 2011-11-19 1.51 -
AVAST! 4.7.4 111119-1 2011-11-19 0.04 -
AVG 10.0.1405 2090/4027 2011-11-19 0.08 -
BitDefender 7.90123.9166342 7.39908 2011-11-20 5.19 -
ClamAV 0.97.1 13965 2011-11-19 0.01 -
Comodo 5.1 10780 2011-11-17 1.97 -
CP Secure 1.3.0.5 2011.11.19 2011-11-19 0.10 -
Dr.Web 5.0.2.3300 2011.11.20 2011-11-20 15.77 -
F-Prot 4.6.2.117 20111119 2011-11-19 0.79 -
F-Secure 7.02.73807 2011.11.19.03 2011-11-19 0.20 -
Fortinet 4.2.257 14.374 2011-11-19 0.72 -
GData 22.2834 20111120 2011-11-20 10.56 -
ViRobot 20111119 2011.11.19 2011-11-19 1.94 -
Ikarus T3.1.32.20.0 2011.11.19.79833 2011-11-19 4.93 -
JiangMin 13.0.900 2011.11.19 2011-11-19 2.27 -
Kaspersky 5.5.10 2011.11.20 2011-11-20 0.10 -
KingSoft 2009.2.5.15 2011.11.20.9 2011-11-20 0.97 -
McAfee 5400.1158 6535 2011-11-19 11.18 -
Microsoft 1.7801 2011.11.20 2011-11-20 40.10 -
NOD32 3.0.21 6641 2011-11-18 0.01 -
Norman 6.07.11 6.07.00 2011-09-17 24.02 -
Panda 9.05.01 2011.11.19 2011-11-19 26.95 -
Trend Micro 9.500-1005 8.586.01 2011-11-19 0.03 -
Quick Heal 11.00 2011.11.18 2011-11-18 5.78 -
Rising 20.0 23.84.04.02 2011-11-18 0.65 -
Sophos 3.24.4 4.70 2011-11-20 4.50 -
Sunbelt 3.9.2515.2 11094 2011-11-19 2.11 -
Symantec 1.3.0.24 20111119.016 2011-11-19 0.06 -
nProtect 20111119.01 12993033 2011-11-19 20.52 -
The Hacker 6.7.0.1 v00345 2011-11-19 1.20 -
VBA32 3.12.16.4 20111118.1105 2011-11-18 7.95 -
VirusBuster 5.4.0.10 14.1.73.0/6835106 2011-11-20 0.01 -

  • 0
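The consistency check that the OTL "MD5 for: TERMSRV.DLL" scan and the VirSCAN upload make possible, as an added example that is not part of the original posts: it parses the three OTL lines and the report fields quoted in this thread, then confirms that the live SysNative copy matches a WinSxS component-store copy and is the same file that was uploaded. The function names and the rule that a `\SysNative\` path marks the live copy are assumptions of this example.

```python
import re

# Lines copied from the OTL "MD5 for: TERMSRV.DLL" scan and the VirSCAN report in this thread.
OTL_LINES = r"""
[2008/02/17 22:06:54 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=53AE63B98BB1C3D7F6A2D70BDD12D5D5 -- C:\Windows\SysNative\termsrv.dll
[2008/02/17 22:06:54 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=53AE63B98BB1C3D7F6A2D70BDD12D5D5 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_eca9565809c353e4\termsrv.dll
[2008/01/20 21:48:12 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=F870A5589D6A94B426EFB13689023946 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_eabddd4c0ca18898\termsrv.dll
"""
VIRSCAN_REPORT = """
File Name : termsrv.dll
File Size : 546816 byte
MD5 : 53ae63b98bb1c3d7f6a2d70bdd12d5d5
"""

OTL_RE = re.compile(
    r"^\[[^|]+ \| (?P<size>[\d,]+) \| [-A-Z]{4} \| [MC]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")

def parse_otl_md5(text):
    """Return one dict per OTL 'MD5=' line: size in bytes, company, md5, path."""
    entries = []
    for line in text.splitlines():
        m = OTL_RE.match(line.strip())
        if m:
            entries.append({"size": int(m["size"].replace(",", "")),
                            "company": m["company"],
                            "md5": m["md5"].lower(), "path": m["path"]})
    return entries

def parse_virscan(text):
    """Pull file name, size and MD5 out of the 'Key : value' report header."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return {"name": fields["File Name"],
            "size": int(fields["File Size"].split()[0]),
            "md5": fields["MD5"].lower()}

def triage(otl_text, virscan_text):
    """List inconsistencies between live copy, WinSxS copies and uploaded file."""
    entries = parse_otl_md5(otl_text)
    # Assumption: the \SysNative\ path is the copy Windows actually loads.
    live = [e for e in entries if "\\sysnative\\" in e["path"].lower()]
    store = {e["md5"] for e in entries if "\\winsxs\\" in e["path"].lower()}
    report = parse_virscan(virscan_text)
    findings = [] if live else ["no live copy listed"]
    for e in live:
        if e["md5"] not in store:
            findings.append("no WinSxS copy matches " + e["path"])
        if (e["md5"], e["size"]) != (report["md5"], report["size"]):
            findings.append("uploaded file is not " + e["path"])
    return findings
```

An empty result only means the three records agree with each other; it does not establish that the component-store copy is itself genuine.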

#14
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
I can't find anything really bad; let's try a final rootkit scan before we move on.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0

#15
Snypa86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
265 objects were scanned, however no suspicious or infected file was found. The scan took less than 2 minutes to complete. There was nothing present when I clicked "details", so I have nothing to post.
  • 0





