Infection: Alureon.fe

#1
brhans
I run Microsoft Security Essentials and this morning it found Alureon.fe after I visited a website that appeared to be attacking one of my websites. I was browsing with Firefox 7.0.1. After or as MSE was removing the problem, a Flash updater popped up, so I closed it out. It kept on popping up, so I kept closing it. Then something else popped up saying something was corrupted with my disk. I ignored it and turned off the computer. My browser and computer seemed to be running slowly this morning as well.

I looked up Alureon at Microsoft's site and ran the Microsoft Standalone System Sweeper per Microsoft's Encyclopedia entry for Win32/Alureon. It turned up nothing. I rebooted and ran Malwarebytes' Anti-Malware. It turned up six infections and then removed them. Microsoft Security Essentials' log shows that it removed Alureon.fe three times this morning.

I need help cleaning the infection and seeing if there are others on my computer.

Thank you,
Bryan

The OTL log file:

OTL logfile created on: 11/7/2011 12:20:10 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bryan Hansel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.66% Memory free
4.21 Gb Paging File | 3.09 Gb Available in Paging File | 73.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.29 Gb Total Space | 338.20 Gb Free Space | 72.84% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 94.37 Gb Free Space | 20.26% Space Free | Partition Type: NTFS

Computer Name: BRH-PC | User Name: Bryan Hansel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 11:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bryan Hansel\Desktop\OTL.exe
PRC - [2011/10/01 16:39:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/29 12:31:54 | 000,222,504 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2010/08/09 06:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/12/20 01:16:44 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2006/12/20 01:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/09 12:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/07/20 14:54:28 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 13:20:09 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/26 13:16:40 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/26 13:16:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/26 13:15:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/26 06:32:03 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/14 15:20:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/14 15:20:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/14 15:19:57 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/14 15:18:24 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 15:18:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/01 16:39:02 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/20 01:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/07/20 14:54:28 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 11:37:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A223268-8C7E-4534-8EFB-205F9070E04E}\MpKslcc2799d3.sys -- (MpKslcc2799d3)
DRV - [2011/08/17 09:02:17 | 000,026,976 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rockey4.sys -- (ROCKEYNT)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/03/25 10:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 10:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 10:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 10:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 10:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/10/30 11:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 21:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/31 08:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/28 18:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/05/11 16:14:40 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2006/02/14 12:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 17:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2004/05/07 11:02:08 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EyeOneDp.sys -- (eyeonedp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {16cbd87c-eb99-4f5c-9825-83cf13ab7ff8}:1.5.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.200902
FF - prefs.js..extensions.enabledItems: [email protected]:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..keyword.URL: "http://www.sitfy.com...ls=esSjnZf3&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.sitfy.com...ls=esSjnZf3&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Bryan Hansel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bryan Hansel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bryan Hansel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/09/26 08:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 16:39:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/26 08:21:48 | 000,000,000 | ---D | M]

[2009/03/11 21:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Extensions
[2009/02/15 10:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Extensions\[email protected]
[2008/09/29 19:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/03/11 21:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/26 06:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions
[2007/05/13 09:36:49 | 000,000,000 | ---D | M] (Adsense Notifier) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\{2722cbe5-82a8-4037-a8f5-e1cb2100e3b2}(31)
[2007/05/01 23:10:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(45)
[2007/04/30 16:12:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(46)
[2010/10/12 11:55:20 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\[email protected]
[2010/09/22 15:39:42 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\[email protected]
[2007/10/05 21:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Sunbird\Profiles\x371s40p.default\extensions
[2010/10/17 20:49:25 | 000,001,820 | ---- | M] () -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\searchplugins\bing.xml
[2009/02/15 22:39:52 | 000,001,281 | ---- | M] () -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\searchplugins\twitter-search.xml
[2008/06/22 22:13:55 | 000,001,108 | ---- | M] () -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\searchplugins\wikipedia.xml
[2011/11/07 12:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/26 09:29:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/26 17:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/28 08:11:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/07 12:09:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BRYAN HANSEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NYJRCEJ3.DEFAULT\EXTENSIONS\{16CBD87C-EB99-4F5C-9825-83CF13AB7FF8}.XPI
() (No name found) -- C:\USERS\BRYAN HANSEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NYJRCEJ3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/10/01 16:39:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/07 12:08:56 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/05 12:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bryan Hansel\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bryan Hansel\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bryan Hansel\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Bryan Hansel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: sixty second shooter = C:\Users\Bryan Hansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlbhjpainpnikdjnmcmiaombhhchkg\1.0.0.3_0\

O1 HOSTS File: ([2010/10/28 09:30:34 | 000,424,222 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14622 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Lightscreen] C:\Program Files\Lightscreen\lightscreen.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bryan Hansel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://www.lakesuper...misc/VatDec.cab (VatCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2E565A-2A4D-4CBA-A6F8-EDA5F5B1B675}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{41940548-63fe-11de-b43c-0016d491ede2}\Shell\AutoRun\command - "" = F:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{41940548-63fe-11de-b43c-0016d491ede2}\Shell\Flip Video for PC\command - "" = F:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{761bfe44-673b-11e0-ba31-0016d491ede2}\Shell - "" = AutoRun
O33 - MountPoints2\{761bfe47-673b-11e0-ba31-0016d491ede2}\Shell - "" = AutoRun
O33 - MountPoints2\{761bfe47-673b-11e0-ba31-0016d491ede2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{ab138292-c411-11de-8b33-0016d491ede2}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 12:10:57 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2011/11/07 12:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/07 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/11/07 11:54:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bryan Hansel\Desktop\OTL.exe
[2011/11/07 07:18:49 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\Desktop\full-size-jpeg
[2011/11/06 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\Desktop\Canoe
[2011/11/06 11:07:37 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\Desktop\web
[2011/11/04 18:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/28 13:48:43 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/08 17:05:03 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\AppData\Roaming\InfraRecorder
[2011/10/08 17:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
[2011/10/08 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010/12/19 10:59:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Bryan Hansel\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 11:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bryan Hansel\Desktop\OTL.exe
[2011/11/07 11:52:03 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000UA.job
[2011/11/07 11:43:44 | 000,614,930 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/07 11:43:44 | 000,113,462 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/07 11:38:49 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 11:38:49 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 11:37:30 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/11/07 11:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 08:35:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 15:51:15 | 013,379,178 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\thedead-print.zip
[2011/11/06 14:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000Core.job
[2011/11/06 09:46:40 | 000,640,936 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\simpleseo-freebie.pdf
[2011/11/05 20:34:39 | 001,072,406 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\Crackles0004_1_L.jpg
[2011/11/03 23:05:08 | 000,004,858 | ---- | M] () -- C:\Windows\SETUP.LST
[2011/11/03 23:05:08 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.004
[2011/11/03 23:04:56 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.003
[2011/11/03 23:04:34 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.002
[2011/11/02 08:23:03 | 000,193,650 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\P6230381.JPG
[2011/11/02 08:23:00 | 000,230,623 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\P6230382.JPG
[2011/10/29 08:16:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/28 13:48:48 | 000,002,050 | ---- | M] () -- C:\Users\Bryan Hansel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/26 10:21:00 | 001,887,817 | ---- | M] () -- C:\Users\Bryan Hansel\stackedImage.jpg
[2011/10/26 07:57:44 | 038,811,235 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\28-OP-oct-2011.pdf
[2011/10/14 15:16:29 | 001,731,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 12:06:45 | 000,001,799 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/11/06 15:50:50 | 013,379,178 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\thedead-print.zip
[2011/11/06 09:46:40 | 000,640,936 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\simpleseo-freebie.pdf
[2011/11/05 20:34:24 | 001,072,406 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\Crackles0004_1_L.jpg
[2011/11/03 23:05:07 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.004
[2011/11/03 23:04:55 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.003
[2011/11/03 23:04:34 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.002
[2011/11/02 08:23:03 | 000,193,650 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\P6230381.JPG
[2011/11/02 08:22:53 | 000,230,623 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\P6230382.JPG
[2011/10/28 13:48:48 | 000,002,050 | ---- | C] () -- C:\Users\Bryan Hansel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/28 13:47:26 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000UA.job
[2011/10/28 13:47:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000Core.job
[2011/10/26 10:20:57 | 001,887,817 | ---- | C] () -- C:\Users\Bryan Hansel\stackedImage.jpg
[2011/10/26 07:55:12 | 038,811,235 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\28-OP-oct-2011.pdf
[2011/08/17 10:20:45 | 000,000,222 | ---- | C] () -- C:\Windows\DC_Manager.ini
[2010/12/19 11:31:37 | 000,000,551 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\AutoGK.ini
[2010/12/19 10:59:02 | 000,087,608 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\inst.exe
[2010/12/19 10:59:02 | 000,007,887 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\pcouffin.cat
[2010/12/19 10:59:02 | 000,001,144 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\pcouffin.inf
[2010/11/11 15:28:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\MediaFolder
[2010/11/02 09:09:39 | 000,000,384 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\.backup.dm
[2010/10/27 16:55:34 | 000,098,304 | ---- | C] () -- C:\Windows\System32\LFC.exe
[2010/06/11 17:17:34 | 000,000,221 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/14 21:17:37 | 000,001,099 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\ShiftN.ini
[2010/03/07 19:52:26 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/03/07 19:51:32 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/03/07 19:51:32 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/03/07 19:51:32 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7440n.dat
[2010/03/07 19:48:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010/03/07 19:48:30 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010/03/07 19:47:54 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/03/07 19:47:51 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/03/07 19:45:59 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/09/24 08:15:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 08:15:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 10:51:24 | 001,440,054 | ---- | C] () -- C:\ProgramData\tmp_bmp.bmp
[2009/06/12 10:51:16 | 000,000,572 | ---- | C] () -- C:\ProgramData\MICRX.TNI
[2009/06/12 10:51:01 | 000,000,009 | ---- | C] () -- C:\ProgramData\pict_datax
[2009/06/12 10:51:01 | 000,000,008 | ---- | C] () -- C:\ProgramData\datax
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/09/29 19:16:45 | 000,000,680 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Local\d3d9caps.dat
[2008/08/19 02:02:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/18 12:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/06/05 17:19:47 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/04/14 17:23:53 | 000,000,016 | -H-- | C] () -- C:\Users\Bryan Hansel\AppData\Local\art.udk
[2008/04/14 17:22:33 | 000,000,017 | -H-- | C] () -- C:\Users\Bryan Hansel\AppData\Local\19720201.dat
[2008/04/14 17:22:30 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2008/04/09 17:56:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/05 17:07:54 | 000,000,144 | ---- | C] () -- C:\Windows\TOPO.INI
[2008/04/05 16:58:43 | 000,000,011 | ---- | C] () -- C:\Windows\Topo3.ini
[2008/04/05 16:57:52 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/04/05 16:36:24 | 000,000,041 | ---- | C] () -- C:\Windows\FindServ.INI
[2008/02/24 19:55:24 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008/02/19 22:53:53 | 004,230,520 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/04 14:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2008/01/10 19:31:04 | 000,000,287 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/03 16:12:53 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2007/09/26 19:27:10 | 000,192,512 | ---- | C] () -- C:\Windows\System32\srkey.exe
[2007/09/26 09:06:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\Synth Textures
[2007/09/26 07:42:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2007/08/24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/07/26 20:06:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/29 09:29:49 | 000,147,715 | ---- | C] () -- C:\Windows\System32\prntfix.exe
[2007/05/01 23:47:09 | 000,000,100 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Local\fusioncache.dat
[2007/04/23 20:53:56 | 000,880,640 | ---- | C] () -- C:\Windows\System32\pano12.dll
[2007/04/19 21:55:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/04/12 12:47:13 | 000,440,320 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2007/04/09 21:13:02 | 000,000,438 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/04/08 22:57:36 | 000,000,000 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\pssetup.cfg
[2007/04/05 14:13:24 | 000,000,000 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\System Image Utility
[2007/04/05 13:54:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2007/04/05 11:44:23 | 000,044,344 | ---- | C] () -- C:\Windows\System32\drivers\EyeOneDp.sys
[2007/04/05 11:37:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\MFSBaseLib2889.dll
[2007/04/05 11:37:59 | 000,061,440 | ---- | C] () -- C:\Windows\System32\MFSIFLib2889.dll
[2007/04/05 00:12:23 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007/04/04 20:50:18 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2007/04/04 20:46:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2007/04/04 20:46:26 | 000,000,000 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\NetServices
[2007/04/04 20:24:50 | 000,000,000 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\wklnhst.dat
[2007/04/04 19:14:00 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2007/04/04 17:19:21 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2007/04/04 16:58:55 | 000,029,239 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\UserTile.png
[2007/04/03 18:21:19 | 000,003,748 | ---- | C] () -- C:\Windows\mozver.dat
[2007/04/03 17:30:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/04/03 17:13:35 | 000,245,760 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/05 17:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/01/05 16:35:11 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/01/05 16:35:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/01/05 16:35:11 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/01/05 16:35:11 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/01/05 16:30:55 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2007/01/05 16:30:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/01/05 16:30:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2006/11/29 00:12:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/11/24 09:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 001,731,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,614,930 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,113,462 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2002/08/31 07:00:00 | 000,001,945 | -H-- | C] () -- C:\Windows\System32\msisl$.dll

========== LOP Check ==========

[2007/09/26 08:57:05 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\.k3d
[2010/04/07 19:30:49 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Acronis
[2008/07/29 05:52:55 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Amazon
[2009/10/31 17:03:26 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Aurora
[2008/10/28 18:15:03 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Auslogics
[2009/11/09 16:16:01 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\avidemux
[2009/01/26 19:26:33 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\bellz
[2009/12/14 15:08:41 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2009/04/21 12:17:15 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\com.Spreadtweet2003.AirApp.84144EB30E332DDF53A5B500088B55A66190F3BE.1
[2010/08/05 17:25:53 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Create Software
[2007/04/08 22:54:56 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\CrystalApp
[2009/03/16 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2011/02/08 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2007/10/28 17:44:03 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Downloaded Installations
[2011/08/30 13:15:42 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\DraftSight
[2011/11/07 11:39:10 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Dropbox
[2009/11/11 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\enchant
[2010/08/01 09:29:30 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\EPSON
[2009/03/23 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\ESRI
[2010/04/03 11:55:49 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Facebook
[2010/12/08 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\FastCopy
[2007/04/05 13:50:48 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\FileMaker
[2010/10/17 10:54:06 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
[2008/05/06 08:54:20 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\FMZilla
[2010/11/25 19:34:16 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\FreeCAD
[2009/06/10 12:52:10 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\FTWeak
[2009/04/18 14:56:37 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\GARMIN
[2009/06/10 12:52:37 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\GlarySoft
[2010/06/11 18:31:03 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Gmote
[2011/07/23 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\gtk-2.0
[2011/08/06 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Gunther Wegner
[2011/04/03 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\HDRsoft
[2008/09/30 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Imagenomic
[2009/09/23 17:55:12 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\ImmerVision
[2011/08/17 10:21:40 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\IMSIDesign
[2011/10/08 19:14:08 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\InfraRecorder
[2010/09/27 08:44:20 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\inkscape
[2007/04/03 23:05:20 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\InterVideo
[2009/02/07 20:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\KeePass
[2009/10/31 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Light Crafts
[2010/07/13 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\LOVE
[2011/03/04 11:35:40 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2007/11/19 16:55:06 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Mind Control Software
[2009/10/02 10:35:26 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1
[2007/09/26 07:55:20 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Nikon
[2010/07/31 10:39:09 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Oloneo
[2011/04/26 09:15:39 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\onOne Software
[2008/10/13 12:48:25 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\OpenOffice.org
[2008/01/24 20:39:39 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Opera
[2007/09/04 11:35:29 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\OverDrive
[2007/09/26 09:15:38 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Participatory Culture Foundation
[2007/09/30 22:50:18 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\PCF-VLC
[2007/11/19 16:55:29 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\PlayFirst
[2008/02/18 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\pokerth
[2007/12/14 19:38:55 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\PrevxCSI
[2009/01/15 20:31:54 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Prish
[2008/09/29 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Prism
[2009/02/23 12:50:44 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Python-Eggs
[2010/01/24 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\readefine.anirudhsasikumar.net.45562BB45E8B2F754D6204CBDFEED6C34994A542.1
[2007/09/04 10:22:06 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\RibbonSoft
[2011/10/29 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Rightload
[2010/12/19 19:33:37 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\RipIt4Me
[2009/09/01 15:10:24 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\SanDisk
[2010/09/03 12:04:33 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\ScanSoft
[2010/06/11 18:25:39 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Soluto
[2010/09/12 11:05:17 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Songbird2
[2009/03/17 19:33:13 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1
[2011/07/04 00:38:36 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Stellarium
[2009/02/08 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\stickies
[2007/04/12 13:03:27 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\STOIK
[2011/01/07 19:48:45 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Synaptics
[2011/04/26 09:31:05 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\SystemRequirementsLab
[2011/04/26 16:20:45 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Systweak
[2007/04/04 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Template
[2011/11/07 08:07:56 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\TeraCopy
[2007/08/20 10:00:49 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Toshiba
[2009/01/19 21:05:03 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\TripTracker
[2009/02/15 23:10:47 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/11/30 11:00:15 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2007/05/24 21:30:38 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\UFOAI
[2009/10/15 14:29:09 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Unity
[2011/10/29 12:42:37 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\uTorrent
[2010/12/19 10:59:02 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\Vso
[2008/09/29 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\WebApps
[2010/02/02 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\webex
[2011/02/09 15:51:52 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\XMind
[2011/08/17 09:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bryan Hansel\AppData\Roaming\ZWSoft
[2011/11/07 11:37:30 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/11/07 11:34:56 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData\Light Crafts:$ES_DESCRIPTOR_NBP2VBVKPVF9VPPP55N3EDT0ETX1JU0VSVLLV7J
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7EE134B6
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:54FC943C

< End of report >
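
The OTL listing above is long and most of it is ordinary, so it helps to have something that pulls out the handful of entries worth a second look. Here is a small Python parser for OTL's `[date | size | attrs | C/M] (Company) -- path` entry format with a triage pass that flags executables and drivers created or modified in user-writable locations (AppData, ProgramData, Windows\Temp) and raises the severity when the file carries no company name. This is an added example, not part of the original post and not OTL's own code; the sample input is a few lines copied from the log above, and the extension list, watched directories and severity rules are illustrative assumptions. A hit means "look at this", not "malicious".

```python
"""Triage helper for OTL-style file listings (added example, not OTL's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few lines copied from the OTL log above, plus section
# headers and the "[1 C:\Windows\*.tmp files ...]" summary line the parser must skip.
SAMPLE_OTL = r"""
========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 11:54:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bryan Hansel\Desktop\OTL.exe
[2011/11/04 18:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/19 10:59:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Bryan Hansel\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/19 10:59:02 | 000,087,608 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\inst.exe
[2010/10/27 16:55:34 | 000,098,304 | ---- | C] () -- C:\Windows\System32\LFC.exe
[2007/04/19 21:55:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
"""

# One OTL entry. The "(Company)" group is absent for directories and is an
# empty "()" when the file has no company name in its version resource.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")
# Assumption: roots a limited user can write to and where droppers commonly land.
WATCHED_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                "\\programdata\\", "\\windows\\temp\\")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str               # e.g. "----", "---D", "-H--", "RHS-"
    kind: str                # C = created, M = modified
    company: Optional[str]   # None when OTL printed no parentheses, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


@dataclass
class Finding:
    path: str
    severity: str            # "review" or "high"
    reasons: List[str] = field(default_factory=list)


def parse_otl(text: str) -> List[Entry]:
    """Return every file/folder entry in an OTL log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blanks, the *.tmp summary line
        entries.append(Entry(
            timestamp=m["ts"], size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"], company=m["company"], path=m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag executables/drivers in user-writable places or with hidden/system bits set."""
    findings = []
    for e in entries:
        if e.is_dir or not e.path.lower().endswith(EXEC_EXTS):
            continue
        low = e.path.lower()
        reasons = []
        if any(d in low for d in WATCHED_DIRS):
            reasons.append("executable in user-writable location")
        if "H" in e.attrs or "S" in e.attrs:
            reasons.append("hidden/system attribute set")
        if not reasons:
            continue
        if not e.company:  # None or ""
            reasons.append("no company name in version info")
            severity = "high"
        else:
            severity = "review"
        findings.append(Finding(e.path, severity, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl(SAMPLE_OTL)):
        print(f"[{f.severity}] {f.path}: {'; '.join(f.reasons)}")
```

Run on the sample, the pass flags `pcouffin.sys` (a driver sitting in AppData\Roaming, company VSO Software) for review and `inst.exe` (same folder, no company name) as high, while `OTL.exe` on the Desktop and `LFC.exe` in System32 are left alone. The ComboFix log posted later in this thread lists that same `inst.exe` under Other Deletions, which is the kind of cross-check a helper would do before deciding what to remove.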



#2
RKinner, Malware Expert (MVP, 20,029 posts)
If one of the following will not run, just skip to the next one, then go back and try the ones that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware, select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste its contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button (not the FixMBR button) is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right-click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

#3
brhans, Topic Starter (New Member, 6 posts)
Thanks for the response and the help. I appreciate it.

Everything ran and generated txt files. The only question that I have is when I ran aswMBR.exe, it asked if I wanted to download definitions. I didn't do that, because you didn't mention it. If I need to do that, please, let me know.

Here are the text files, in the order you listed them in your response.

Thanks,
Bryan

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8114

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/8/2011 8:59:18 AM
mbam-log-2011-11-08 (08-59-18).txt

Scan type: Quick scan
Objects scanned: 180985
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-----------------------------------------------------------------

ComboFix 11-11-08.02 - Bryan Hansel 11/08/2011 9:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1137 [GMT -6:00]
Running from: c:\users\Bryan Hansel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\Setup.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Bryan Hansel\AppData\Roaming\inst.exe
c:\users\Bryan Hansel\AppData\Roaming\Love
c:\users\Bryan Hansel\AppData\Roaming\Love\TSW\data.lua
c:\windows\ST6UNST.000
c:\windows\system32\win.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 15:18 . 2011-11-08 15:21 -------- d-----w- c:\users\Bryan Hansel\AppData\Local\temp
2011-11-08 14:50 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 14:50 . 2011-11-08 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 00:11 . 2011-11-08 00:11 -------- d-----w- c:\program files\7-Zip
2011-11-08 00:09 . 2011-11-08 00:09 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F3586CF-224E-466D-81E3-16A1E51A7A03}\MpKsl8a2bceed.sys
2011-11-08 00:09 . 2011-11-08 00:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F3586CF-224E-466D-81E3-16A1E51A7A03}\offreg.dll
2011-11-08 00:09 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F3586CF-224E-466D-81E3-16A1E51A7A03}\mpengine.dll
2011-11-07 18:10 . 2011-11-07 18:41 -------- d-----w- c:\windows\Standalone System Sweeper
2011-11-07 18:09 . 2011-11-07 18:09 -------- d-----w- c:\program files\Common Files\Java
2011-11-07 18:06 . 2011-11-07 18:06 -------- d-----w- c:\program files\FileHippo.com
2011-11-05 00:05 . 2011-11-05 00:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-18 23:15 . 2011-10-18 23:14 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DD79B7C-D8B0-4659-BCD3-E23D8D4EF807}\gapaengine.dll
2011-10-12 21:58 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:58 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 21:58 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:58 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 21:57 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:57 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 21:57 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 21:57 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 21:57 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 21:57 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 18:08 . 2010-06-06 12:47 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-26 12:32 . 2011-06-03 01:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2011-06-18 23:20 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-17 15:02 . 2011-08-17 15:02 6656 ----a-w- c:\windows\system32\Ry4CoInst.dll
2011-08-17 15:02 . 2011-08-17 15:02 26976 ----a-w- c:\windows\system32\drivers\Rockey4.sys
2011-08-17 15:02 . 2011-08-17 15:02 20648 ----a-w- c:\windows\system32\drivers\Rockey4USB.sys
2011-10-01 22:39 . 2011-03-22 19:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Lightscreen"="c:\program files\Lightscreen\lightscreen.exe" [2010-03-17 563200]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-29 1938728]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Bryan Hansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2007-4-5 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 19:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NDSTray.exe"=NDSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl274e9c40;MpKsl274e9c40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3750F6F0-A932-492F-B057-FC2636BD0A84}\MpKsl274e9c40.sys [x]
R1 MpKsla45ee12a;MpKsla45ee12a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6153C83-475D-4AA3-83FD-C5B2881851C5}\MpKsla45ee12a.sys [x]
R1 MpKslb18dd246;MpKslb18dd246;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEA410BC-A360-40A5-9581-36145981F14E}\MpKslb18dd246.sys [x]
R1 MpKslc82c6417;MpKslc82c6417;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B783F326-1007-4639-BD32-154762882476}\MpKslc82c6417.sys [x]
R1 MpKslfc05283c;MpKslfc05283c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A223268-8C7E-4534-8EFB-205F9070E04E}\MpKslfc05283c.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c94422f3136080;Google Update Service (gupdate1c94422f3136080);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-11 133104]
R3 73058414;73058414; [x]
R3 93104158;93104158; [x]
R3 eyeonedp;eye-one display;c:\windows\system32\DRIVERS\eyeonedp.sys [2004-05-07 44344]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-11 133104]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S1 MpKslcc2799d3;MpKslcc2799d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A223268-8C7E-4534-8EFB-205F9070E04E}\MpKslcc2799d3.sys [x]
S2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2006-05-11 14416]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8A2BCEED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-10 16:39]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-11 17:28]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-11 17:28]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000Core.job
- c:\users\Bryan Hansel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 19:47]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000UA.job
- c:\users\Bryan Hansel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 19:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=esSjnZf3&q=
FF - user.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=esSjnZf3&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-08 09:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x9460F276
[0] 0xA5AA32EB
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-11-08 09:26:32
ComboFix-quarantined-files.txt 2011-11-08 15:26
.
Pre-Run: 361,143,922,688 bytes free
Post-Run: 366,172,377,088 bytes free
.
- - End Of File - - DA08AD8D4E2DF6E36FBB6113AACD230B

-----------------------------------------------------------

09:32:39.0167 2732 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
09:32:39.0791 2732 ============================================================
09:32:39.0791 2732 Current date / time: 2011/11/08 09:32:39.0791
09:32:39.0791 2732 SystemInfo:
09:32:39.0791 2732
09:32:39.0791 2732 OS Version: 6.0.6002 ServicePack: 2.0
09:32:39.0791 2732 Product type: Workstation
09:32:39.0791 2732 ComputerName: BRH-PC
09:32:39.0791 2732 UserName: Bryan Hansel
09:32:39.0791 2732 Windows directory: C:\Windows
09:32:39.0791 2732 System windows directory: C:\Windows
09:32:39.0791 2732 Processor architecture: Intel x86
09:32:39.0791 2732 Number of processors: 2
09:32:39.0791 2732 Page size: 0x1000
09:32:39.0791 2732 Boot type: Normal boot
09:32:39.0791 2732 ============================================================
09:32:41.0398 2732 Initialize success
09:33:15.0624 5640 ============================================================
09:33:15.0624 5640 Scan started
09:33:15.0624 5640 Mode: Manual;
09:33:15.0624 5640 ============================================================
09:33:16.0498 5640 73058414 - ok
09:33:16.0592 5640 93104158 - ok
09:33:16.0654 5640 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:33:16.0654 5640 ACPI - ok
09:33:16.0763 5640 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:33:16.0763 5640 adp94xx - ok
09:33:16.0872 5640 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:33:16.0888 5640 adpahci - ok
09:33:16.0982 5640 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:33:16.0982 5640 adpu160m - ok
09:33:17.0013 5640 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:33:17.0013 5640 adpu320 - ok
09:33:17.0138 5640 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:33:17.0138 5640 AFD - ok
09:33:17.0216 5640 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\Windows\system32\DRIVERS\AGRSM.sys
09:33:17.0231 5640 AgereSoftModem - ok
09:33:17.0309 5640 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:33:17.0309 5640 agp440 - ok
09:33:17.0418 5640 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:33:17.0418 5640 aic78xx - ok
09:33:17.0528 5640 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
09:33:17.0528 5640 aliide - ok
09:33:17.0606 5640 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:33:17.0621 5640 amdagp - ok
09:33:17.0715 5640 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
09:33:17.0715 5640 amdide - ok
09:33:17.0808 5640 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:33:17.0808 5640 AmdK7 - ok
09:33:17.0918 5640 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
09:33:17.0918 5640 AmdK8 - ok
09:33:18.0027 5640 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:33:18.0027 5640 arc - ok
09:33:18.0120 5640 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:33:18.0120 5640 arcsas - ok
09:33:18.0245 5640 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:33:18.0245 5640 AsyncMac - ok
09:33:18.0292 5640 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:33:18.0292 5640 atapi - ok
09:33:18.0339 5640 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:33:18.0339 5640 Beep - ok
09:33:18.0432 5640 blbdrive - ok
09:33:18.0479 5640 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:33:18.0495 5640 bowser - ok
09:33:18.0573 5640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:33:18.0573 5640 BrFiltLo - ok
09:33:18.0682 5640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:33:18.0682 5640 BrFiltUp - ok
09:33:18.0791 5640 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:33:18.0791 5640 Brserid - ok
09:33:18.0900 5640 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
09:33:18.0900 5640 BrSerIf - ok
09:33:18.0932 5640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:33:18.0932 5640 BrSerWdm - ok
09:33:18.0947 5640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:33:18.0947 5640 BrUsbMdm - ok
09:33:19.0056 5640 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
09:33:19.0056 5640 BrUsbSer - ok
09:33:19.0088 5640 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:33:19.0088 5640 BTHMODEM - ok
09:33:19.0134 5640 catchme - ok
09:33:19.0228 5640 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:33:19.0228 5640 cdfs - ok
09:33:19.0290 5640 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:33:19.0290 5640 cdrom - ok
09:33:19.0322 5640 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:33:19.0322 5640 circlass - ok
09:33:19.0384 5640 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:33:19.0400 5640 CLFS - ok
09:33:19.0509 5640 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
09:33:19.0509 5640 CmBatt - ok
09:33:19.0556 5640 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:33:19.0556 5640 cmdide - ok
09:33:19.0649 5640 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:33:19.0649 5640 Compbatt - ok
09:33:19.0696 5640 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:33:19.0696 5640 crcdisk - ok
09:33:19.0790 5640 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:33:19.0790 5640 Crusoe - ok
09:33:19.0914 5640 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:33:19.0914 5640 DfsC - ok
09:33:19.0977 5640 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:33:19.0977 5640 disk - ok
09:33:20.0024 5640 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:33:20.0024 5640 drmkaud - ok
09:33:20.0086 5640 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:33:20.0086 5640 DXGKrnl - ok
09:33:20.0180 5640 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:33:20.0180 5640 E1G60 - ok
09:33:20.0304 5640 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:33:20.0320 5640 Ecache - ok
09:33:20.0429 5640 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:33:20.0429 5640 elxstor - ok
09:33:20.0570 5640 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:33:20.0570 5640 exfat - ok
09:33:20.0694 5640 eyeonedp (8313a6af9de34a9d24df2329a548b004) C:\Windows\system32\DRIVERS\eyeonedp.sys
09:33:20.0694 5640 eyeonedp - ok
09:33:20.0741 5640 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:33:20.0757 5640 fastfat - ok
09:33:20.0835 5640 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:33:20.0835 5640 fdc - ok
09:33:20.0944 5640 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:33:20.0944 5640 FileInfo - ok
09:33:21.0053 5640 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:33:21.0053 5640 Filetrace - ok
09:33:21.0084 5640 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:33:21.0084 5640 flpydisk - ok
09:33:21.0178 5640 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:33:21.0194 5640 FltMgr - ok
09:33:21.0318 5640 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:33:21.0318 5640 Fs_Rec - ok
09:33:21.0350 5640 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:33:21.0350 5640 gagp30kx - ok
09:33:21.0443 5640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:33:21.0443 5640 GEARAspiWDM - ok
09:33:21.0490 5640 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
09:33:21.0490 5640 grmnusb - ok
09:33:21.0537 5640 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:33:21.0552 5640 HdAudAddService - ok
09:33:21.0662 5640 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:33:21.0677 5640 HDAudBus - ok
09:33:21.0771 5640 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:33:21.0771 5640 HidBth - ok
09:33:21.0864 5640 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:33:21.0864 5640 HidIr - ok
09:33:21.0974 5640 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:33:21.0974 5640 HidUsb - ok
09:33:22.0020 5640 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:33:22.0020 5640 HpCISSs - ok
09:33:22.0114 5640 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:33:22.0114 5640 HTTP - ok
09:33:22.0223 5640 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:33:22.0223 5640 i2omp - ok
09:33:22.0332 5640 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:33:22.0332 5640 i8042prt - ok
09:33:22.0442 5640 ialm (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:33:22.0473 5640 ialm - ok
09:33:22.0582 5640 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:33:22.0582 5640 iaStorV - ok
09:33:22.0754 5640 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:33:22.0785 5640 igfx - ok
09:33:22.0894 5640 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:33:22.0894 5640 iirsp - ok
09:33:23.0066 5640 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
09:33:23.0097 5640 IntcAzAudAddService - ok
09:33:23.0206 5640 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:33:23.0206 5640 intelide - ok
09:33:23.0253 5640 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:33:23.0253 5640 intelppm - ok
09:33:23.0315 5640 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:33:23.0331 5640 IpFilterDriver - ok
09:33:23.0409 5640 IpInIp - ok
09:33:23.0456 5640 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:33:23.0456 5640 IPMIDRV - ok
09:33:23.0549 5640 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:33:23.0565 5640 IPNAT - ok
09:33:23.0612 5640 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:33:23.0612 5640 IRENUM - ok
09:33:23.0643 5640 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:33:23.0643 5640 isapnp - ok
09:33:23.0752 5640 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:33:23.0768 5640 iScsiPrt - ok
09:33:23.0861 5640 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:33:23.0861 5640 iteatapi - ok
09:33:23.0955 5640 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:33:23.0955 5640 iteraid - ok
09:33:24.0080 5640 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:33:24.0080 5640 kbdclass - ok
09:33:24.0142 5640 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:33:24.0142 5640 kbdhid - ok
09:33:24.0189 5640 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
09:33:24.0204 5640 KR10I - ok
09:33:24.0298 5640 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
09:33:24.0298 5640 KR10N - ok
09:33:24.0407 5640 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
09:33:24.0423 5640 KR3NPXP - ok
09:33:24.0532 5640 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:33:24.0532 5640 KSecDD - ok
09:33:24.0672 5640 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:33:24.0672 5640 lltdio - ok
09:33:24.0782 5640 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
09:33:24.0782 5640 LPCFilter - ok
09:33:24.0906 5640 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:33:24.0906 5640 LSI_FC - ok
09:33:25.0000 5640 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:33:25.0000 5640 LSI_SAS - ok
09:33:25.0094 5640 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:33:25.0094 5640 LSI_SCSI - ok
09:33:25.0203 5640 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:33:25.0203 5640 luafv - ok
09:33:25.0296 5640 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:33:25.0296 5640 megasas - ok
09:33:25.0390 5640 mfeavfk (26653763d99ea717fc9e069f6be6771e) C:\Windows\system32\drivers\mfeavfk.sys
09:33:25.0390 5640 mfeavfk - ok
09:33:25.0484 5640 mfebopk (e65ce1279f2c1fd9bd81184ceb7f5468) C:\Windows\system32\drivers\mfebopk.sys
09:33:25.0484 5640 mfebopk - ok
09:33:25.0608 5640 mfehidk (f817bfca67475cf04925ece4fcf9c3c0) C:\Windows\system32\drivers\mfehidk.sys
09:33:25.0608 5640 mfehidk - ok
09:33:25.0718 5640 mferkdk (fe03be0b990983a08a33389c00636175) C:\Windows\system32\drivers\mferkdk.sys
09:33:25.0718 5640 mferkdk - ok
09:33:25.0811 5640 mfesmfk (9c73aca963ad8883b9fc44b410e70b71) C:\Windows\system32\drivers\mfesmfk.sys
09:33:25.0811 5640 mfesmfk - ok
09:33:25.0936 5640 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:33:25.0936 5640 Modem - ok
09:33:25.0983 5640 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:33:25.0998 5640 monitor - ok
09:33:26.0045 5640 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:33:26.0045 5640 mouclass - ok
09:33:26.0154 5640 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:33:26.0154 5640 mouhid - ok
09:33:26.0264 5640 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:33:26.0264 5640 MountMgr - ok
09:33:26.0326 5640 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
09:33:26.0326 5640 MpFilter - ok
09:33:26.0404 5640 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:33:26.0420 5640 mpio - ok
09:33:26.0482 5640 MpKsl274e9c40 - ok
09:33:26.0591 5640 MpKsl8a2bceed (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F3586CF-224E-466D-81E3-16A1E51A7A03}\MpKsl8a2bceed.sys
09:33:26.0591 5640 MpKsl8a2bceed - ok
09:33:26.0591 5640 MpKsla45ee12a - ok
09:33:26.0591 5640 MpKslb18dd246 - ok
09:33:26.0622 5640 MpKslc82c6417 - ok
09:33:26.0669 5640 MpKslcc2799d3 - ok
09:33:26.0685 5640 MpKslfc05283c - ok
09:33:26.0794 5640 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:33:26.0794 5640 MpNWMon - ok
09:33:26.0841 5640 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:33:26.0841 5640 mpsdrv - ok
09:33:26.0934 5640 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:33:26.0934 5640 Mraid35x - ok
09:33:26.0997 5640 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:33:27.0012 5640 MRxDAV - ok
09:33:27.0106 5640 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:33:27.0106 5640 mrxsmb - ok
09:33:27.0168 5640 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:33:27.0184 5640 mrxsmb10 - ok
09:33:27.0293 5640 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:33:27.0293 5640 mrxsmb20 - ok
09:33:27.0402 5640 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:33:27.0402 5640 msahci - ok
09:33:27.0418 5640 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:33:27.0418 5640 msdsm - ok
09:33:27.0543 5640 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:33:27.0543 5640 Msfs - ok
09:33:27.0574 5640 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:33:27.0574 5640 msisadrv - ok
09:33:27.0683 5640 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:33:27.0683 5640 MSKSSRV - ok
09:33:27.0699 5640 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:33:27.0699 5640 MSPCLOCK - ok
09:33:27.0808 5640 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:33:27.0808 5640 MSPQM - ok
09:33:27.0886 5640 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:33:27.0902 5640 MsRPC - ok
09:33:28.0011 5640 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:33:28.0011 5640 mssmbios - ok
09:33:28.0120 5640 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:33:28.0120 5640 MSTEE - ok
09:33:28.0167 5640 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:33:28.0167 5640 Mup - ok
09:33:28.0229 5640 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:33:28.0229 5640 NativeWifiP - ok
09:33:28.0354 5640 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:33:28.0370 5640 NDIS - ok
09:33:28.0463 5640 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:33:28.0479 5640 NdisTapi - ok
09:33:28.0526 5640 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:33:28.0526 5640 Ndisuio - ok
09:33:28.0557 5640 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:33:28.0557 5640 NdisWan - ok
09:33:28.0666 5640 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:33:28.0666 5640 NDProxy - ok
09:33:28.0760 5640 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:33:28.0760 5640 NetBIOS - ok
09:33:28.0869 5640 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:33:28.0869 5640 netbt - ok
09:33:29.0040 5640 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
09:33:29.0056 5640 NETw3v32 - ok
09:33:29.0212 5640 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
09:33:29.0243 5640 NETw4v32 - ok
09:33:29.0462 5640 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
09:33:29.0493 5640 NETw5v32 - ok
09:33:29.0586 5640 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:33:29.0586 5640 nfrd960 - ok
09:33:29.0696 5640 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:33:29.0696 5640 NisDrv - ok
09:33:29.0758 5640 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:33:29.0774 5640 Npfs - ok
09:33:29.0852 5640 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:33:29.0867 5640 nsiproxy - ok
09:33:29.0945 5640 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:33:29.0976 5640 Ntfs - ok
09:33:30.0070 5640 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:33:30.0070 5640 ntrigdigi - ok
09:33:30.0179 5640 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:33:30.0179 5640 Null - ok
09:33:30.0226 5640 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:33:30.0226 5640 nvraid - ok
09:33:30.0304 5640 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:33:30.0304 5640 nvstor - ok
09:33:30.0398 5640 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:33:30.0398 5640 nv_agp - ok
09:33:30.0476 5640 NwlnkFlt - ok
09:33:30.0491 5640 NwlnkFwd - ok
09:33:30.0554 5640 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:33:30.0554 5640 ohci1394 - ok
09:33:30.0663 5640 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:33:30.0663 5640 Parport - ok
09:33:30.0772 5640 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:33:30.0772 5640 partmgr - ok
09:33:30.0834 5640 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:33:30.0834 5640 Parvdm - ok
09:33:30.0928 5640 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:33:30.0944 5640 pci - ok
09:33:31.0022 5640 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
09:33:31.0037 5640 pciide - ok
09:33:31.0146 5640 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
09:33:31.0146 5640 pcmcia - ok
09:33:31.0256 5640 PDIHWCTL (274fb48dc92e0ec012d4d8d866cfaf8a) C:\Windows\system32\drivers\pdihwctl.sys
09:33:31.0256 5640 PDIHWCTL - ok
09:33:31.0302 5640 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:33:31.0334 5640 PEAUTH - ok
09:33:31.0474 5640 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:33:31.0474 5640 PptpMiniport - ok
09:33:31.0521 5640 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:33:31.0521 5640 Processor - ok
09:33:31.0630 5640 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:33:31.0646 5640 PSched - ok
09:33:31.0677 5640 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
09:33:31.0677 5640 PxHelp20 - ok
09:33:31.0770 5640 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:33:31.0786 5640 ql2300 - ok
09:33:31.0880 5640 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:33:31.0880 5640 ql40xx - ok
09:33:31.0989 5640 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:33:31.0989 5640 QWAVEdrv - ok
09:33:32.0082 5640 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:33:32.0082 5640 RasAcd - ok
09:33:32.0145 5640 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:33:32.0145 5640 Rasl2tp - ok
09:33:32.0223 5640 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:33:32.0223 5640 RasPppoe - ok
09:33:32.0348 5640 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:33:32.0348 5640 RasSstp - ok
09:33:32.0457 5640 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:33:32.0472 5640 rdbss - ok
09:33:32.0582 5640 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:33:32.0582 5640 RDPCDD - ok
09:33:32.0706 5640 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:33:32.0706 5640 rdpdr - ok
09:33:32.0800 5640 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:33:32.0800 5640 RDPENCDD - ok
09:33:32.0862 5640 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:33:32.0862 5640 RDPWD - ok
09:33:32.0972 5640 ROCKEYNT (bbe64ff51a3e01ffc6bf8bcf292c44aa) C:\Windows\system32\DRIVERS\Rockey4.sys
09:33:32.0972 5640 ROCKEYNT - ok
09:33:33.0018 5640 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:33:33.0018 5640 rspndr - ok
09:33:33.0065 5640 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:33:33.0065 5640 RTL8169 - ok
09:33:33.0174 5640 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:33:33.0174 5640 sbp2port - ok
09:33:33.0315 5640 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
09:33:33.0315 5640 sdbus - ok
09:33:33.0362 5640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:33:33.0362 5640 secdrv - ok
09:33:33.0471 5640 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:33:33.0471 5640 Serenum - ok
09:33:33.0564 5640 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:33:33.0564 5640 Serial - ok
09:33:33.0674 5640 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:33:33.0674 5640 sermouse - ok
09:33:33.0752 5640 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
09:33:33.0767 5640 sffdisk - ok
09:33:33.0798 5640 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:33:33.0798 5640 sffp_mmc - ok
09:33:33.0908 5640 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:33:33.0908 5640 sffp_sd - ok
09:33:33.0954 5640 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:33:33.0954 5640 sfloppy - ok
09:33:34.0048 5640 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:33:34.0048 5640 sisagp - ok
09:33:34.0157 5640 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:33:34.0157 5640 SiSRaid2 - ok
09:33:34.0266 5640 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:33:34.0266 5640 SiSRaid4 - ok
09:33:34.0376 5640 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:33:34.0376 5640 Smb - ok
09:33:34.0516 5640 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:33:34.0516 5640 spldr - ok
09:33:34.0578 5640 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:33:34.0578 5640 srv - ok
09:33:34.0641 5640 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:33:34.0641 5640 srv2 - ok
09:33:34.0750 5640 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:33:34.0750 5640 srvnet - ok
09:33:34.0875 5640 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:33:34.0875 5640 swenum - ok
09:33:35.0000 5640 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:33:35.0000 5640 Symc8xx - ok
09:33:35.0093 5640 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:33:35.0109 5640 Sym_hi - ok
09:33:35.0218 5640 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:33:35.0218 5640 Sym_u3 - ok
09:33:35.0358 5640 SynTP (31cc5270661e4e0af6ebe76ef885940e) C:\Windows\system32\DRIVERS\SynTP.sys
09:33:35.0374 5640 SynTP - ok
09:33:35.0546 5640 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
09:33:35.0546 5640 Tcpip - ok
09:33:35.0670 5640 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
09:33:35.0686 5640 Tcpip6 - ok
09:33:35.0795 5640 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
09:33:35.0795 5640 tcpipreg - ok
09:33:35.0842 5640 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
09:33:35.0842 5640 tdcmdpst - ok
09:33:35.0889 5640 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:33:35.0889 5640 TDPIPE - ok
09:33:35.0998 5640 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:33:35.0998 5640 TDTCP - ok
09:33:36.0060 5640 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:33:36.0060 5640 tdx - ok
09:33:36.0107 5640 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:33:36.0107 5640 TermDD - ok
09:33:36.0216 5640 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys
09:33:36.0216 5640 tifm21 - ok
09:33:36.0294 5640 Tosrfcom - ok
09:33:36.0341 5640 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
09:33:36.0341 5640 tosrfec - ok
09:33:36.0466 5640 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:33:36.0466 5640 tssecsrv - ok
09:33:36.0513 5640 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:33:36.0513 5640 tunmp - ok
09:33:36.0560 5640 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:33:36.0560 5640 tunnel - ok
09:33:36.0591 5640 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
09:33:36.0591 5640 TVALZ - ok
09:33:36.0700 5640 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:33:36.0700 5640 uagp35 - ok
09:33:36.0840 5640 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:33:36.0840 5640 udfs - ok
09:33:36.0965 5640 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:33:36.0965 5640 uliagpkx - ok
09:33:37.0074 5640 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:33:37.0074 5640 uliahci - ok
09:33:37.0184 5640 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:33:37.0184 5640 UlSata - ok
09:33:37.0293 5640 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:33:37.0293 5640 ulsata2 - ok
09:33:37.0402 5640 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:33:37.0418 5640 umbus - ok
09:33:37.0480 5640 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:33:37.0480 5640 USBAAPL - ok
09:33:37.0527 5640 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:33:37.0542 5640 usbccgp - ok
09:33:37.0620 5640 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:33:37.0636 5640 usbcir - ok
09:33:37.0730 5640 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:33:37.0730 5640 usbehci - ok
09:33:37.0854 5640 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:33:37.0854 5640 usbhub - ok
09:33:37.0964 5640 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:33:37.0964 5640 usbohci - ok
09:33:38.0073 5640 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:33:38.0073 5640 usbprint - ok
09:33:38.0135 5640 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:33:38.0135 5640 usbscan - ok
09:33:38.0182 5640 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:33:38.0182 5640 USBSTOR - ok
09:33:38.0291 5640 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:33:38.0291 5640 usbuhci - ok
09:33:38.0338 5640 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:33:38.0338 5640 vga - ok
09:33:38.0432 5640 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:33:38.0432 5640 VgaSave - ok
09:33:38.0525 5640 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:33:38.0525 5640 viaagp - ok
09:33:38.0619 5640 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:33:38.0619 5640 ViaC7 - ok
09:33:38.0728 5640 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:33:38.0728 5640 viaide - ok
09:33:38.0837 5640 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:33:38.0837 5640 volmgr - ok
09:33:38.0946 5640 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:33:38.0962 5640 volmgrx - ok
09:33:39.0071 5640 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:33:39.0071 5640 volsnap - ok
09:33:39.0180 5640 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:33:39.0180 5640 vsmraid - ok
09:33:39.0305 5640 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:33:39.0305 5640 WacomPen - ok
09:33:39.0414 5640 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:33:39.0414 5640 Wanarp - ok
09:33:39.0430 5640 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:33:39.0430 5640 Wanarpv6 - ok
09:33:39.0492 5640 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:33:39.0492 5640 Wd - ok
09:33:39.0586 5640 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:33:39.0602 5640 Wdf01000 - ok
09:33:39.0804 5640 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
09:33:39.0804 5640 WmiAcpi - ok
09:33:39.0945 5640 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:33:39.0945 5640 WpdUsb - ok
09:33:40.0007 5640 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:33:40.0007 5640 ws2ifsl - ok
09:33:40.0085 5640 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:33:40.0085 5640 WUDFRd - ok
09:33:40.0116 5640 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
09:33:40.0132 5640 \Device\Harddisk0\DR0 - ok
09:33:40.0132 5640 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
09:33:40.0491 5640 \Device\Harddisk1\DR1 - ok
09:33:40.0491 5640 Boot (0x1200) (43560028248614b175bee2830be89b56) \Device\Harddisk0\DR0\Partition0
09:33:40.0491 5640 \Device\Harddisk0\DR0\Partition0 - ok
09:33:40.0506 5640 Boot (0x1200) (15bde1ad0e1abe99c842d8016d0359b6) \Device\Harddisk1\DR1\Partition0
09:33:40.0506 5640 \Device\Harddisk1\DR1\Partition0 - ok
09:33:40.0506 5640 ============================================================
09:33:40.0506 5640 Scan finished
09:33:40.0506 5640 ============================================================
09:33:40.0522 2092 Detected object count: 0
09:33:40.0522 2092 Actual detected object count: 0
09:33:51.0348 4024 Deinitialize success


----------------------------------------------------------------------

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-08 09:35:03
-----------------------------
09:35:03.867 OS Version: Windows 6.0.6002 Service Pack 2
09:35:03.867 Number of processors: 2 586 0xF06
09:35:03.867 ComputerName: BRH-PC UserName:
09:35:06.129 Initialize success
09:36:14.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:36:14.683 Disk 0 Vendor: WDC_WD5000BEVT-22A0RT0 01.01A01 Size: 476940MB BusType: 3
09:36:14.699 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
09:36:14.699 Disk 1 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 3
09:36:18.536 Disk 0 MBR read successfully
09:36:18.536 Disk 0 MBR scan
09:36:18.552 Disk 0 Windows VISTA default MBR code
09:36:18.552 Disk 0 scanning sectors +976771072
09:36:18.661 Disk 0 scanning C:\Windows\system32\drivers
09:36:26.789 Service scanning
09:36:27.444 Service MpKsl8a2bceed c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F3586CF-224E-466D-81E3-16A1E51A7A03}\MpKsl8a2bceed.sys **LOCKED** 32
09:36:27.444 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:36:28.099 Modules scanning
09:36:39.846 Disk 0 trace - called modules:
09:36:39.877 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
09:36:39.877 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b31430]
09:36:39.893 3 CLASSPNP.SYS[880988b3] -> nt!IofCallDriver -> [0x84a042c8]
09:36:39.893 5 acpi.sys[8263e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a3fb98]
09:36:39.908 Scan finished successfully
09:37:14.618 Disk 0 MBR has been saved successfully to "C:\Users\Bryan Hansel\Desktop\MBR.dat"
09:37:14.618 The log file has been saved successfully to "C:\Users\Bryan Hansel\Desktop\aswMBR.txt"


------------------------------------------------------------------------

OTL logfile created on: 11/8/2011 9:39:02 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bryan Hansel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.64% Memory free
4.21 Gb Paging File | 3.26 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.29 Gb Total Space | 340.99 Gb Free Space | 73.44% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 94.37 Gb Free Space | 20.26% Space Free | Partition Type: NTFS

Computer Name: BRH-PC | User Name: Bryan Hansel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 11:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bryan Hansel\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/29 12:31:54 | 000,222,504 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/12/20 01:16:44 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2006/12/20 01:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/09 12:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/03 20:11:22 | 000,223,232 | ---- | M] () -- C:\Program Files\Rightload\RightloadContext32.dll
MOD - [2009/07/13 20:50:04 | 000,325,120 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll
MOD - [2008/06/09 16:49:56 | 000,328,704 | ---- | M] () -- C:\Program Files\Instant JPEG From RAW\InstantJPEGFromRAWExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/20 01:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/09/12 10:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/07/20 14:54:28 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (SASKUTIL)
DRV - File not found [Kernel | Unknown | Running] -- -- (SASDIFSV)
DRV - File not found [Kernel | System | Running] -- -- (MpKslcc2799d3)
DRV - [2011/11/07 18:09:33 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F3586CF-224E-466D-81E3-16A1E51A7A03}\MpKsl8a2bceed.sys -- (MpKsl8a2bceed)
DRV - [2011/08/17 09:02:17 | 000,026,976 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rockey4.sys -- (ROCKEYNT)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/03/25 10:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 10:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 10:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 10:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 10:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/10/30 11:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 21:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/31 08:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/28 18:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/05/11 16:14:40 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2006/02/14 12:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 17:57:38 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2004/05/07 11:02:08 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EyeOneDp.sys -- (eyeonedp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {16cbd87c-eb99-4f5c-9825-83cf13ab7ff8}:1.5.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.200902
FF - prefs.js..extensions.enabledItems: [email protected]:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..keyword.URL: "http://www.sitfy.com...ls=esSjnZf3&q="

FF - user.js..keyword.URL: "http://www.sitfy.com...ls=esSjnZf3&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Bryan Hansel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bryan Hansel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bryan Hansel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/09/26 08:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 16:39:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/26 08:21:48 | 000,000,000 | ---D | M]

[2009/03/11 21:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Extensions
[2009/02/15 10:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Extensions\[email protected]
[2008/09/29 19:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/03/11 21:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/26 06:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions
[2007/05/13 09:36:49 | 000,000,000 | ---D | M] (Adsense Notifier) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\{2722cbe5-82a8-4037-a8f5-e1cb2100e3b2}(31)
[2007/05/01 23:10:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(45)
[2007/04/30 16:12:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(46)
[2010/10/12 11:55:20 | 000,000,000 | ---D | M] (After the Deadline) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\[email protected]
[2010/09/22 15:39:42 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\extensions\[email protected]
[2007/10/05 21:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Sunbird\Profiles\x371s40p.default\extensions
[2010/10/17 20:49:25 | 000,001,820 | ---- | M] () -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\searchplugins\bing.xml
[2009/02/15 22:39:52 | 000,001,281 | ---- | M] () -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\searchplugins\twitter-search.xml
[2008/06/22 22:13:55 | 000,001,108 | ---- | M] () -- C:\Users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\searchplugins\wikipedia.xml
[2011/11/07 12:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/26 09:29:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/26 17:12:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/28 08:11:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/07 12:09:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BRYAN HANSEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NYJRCEJ3.DEFAULT\EXTENSIONS\{16CBD87C-EB99-4F5C-9825-83CF13AB7FF8}.XPI
() (No name found) -- C:\USERS\BRYAN HANSEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NYJRCEJ3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/10/01 16:39:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/07 12:08:56 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/05 12:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bryan Hansel\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bryan Hansel\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bryan Hansel\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Bryan Hansel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: sixty second shooter = C:\Users\Bryan Hansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlbhjpainpnikdjnmcmiaombhhchkg\1.0.0.3_0\

O1 HOSTS File: ([2011/11/08 09:20:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Lightscreen] C:\Program Files\Lightscreen\lightscreen.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bryan Hansel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://www.lakesuper...misc/VatDec.cab (VatCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2E565A-2A4D-4CBA-A6F8-EDA5F5B1B675}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 09:26:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/08 09:26:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/08 09:26:34 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\AppData\Local\temp
[2011/11/08 09:06:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/08 09:06:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/08 09:06:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/08 09:06:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/08 09:06:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 09:04:17 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Bryan Hansel\Desktop\aswMBR.exe
[2011/11/08 09:04:04 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bryan Hansel\Desktop\tdsskiller(1).exe
[2011/11/08 09:03:03 | 004,286,253 | R--- | C] (Swearware) -- C:\Users\Bryan Hansel\Desktop\ComboFix.exe
[2011/11/08 08:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 08:50:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/08 08:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/08 08:47:57 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bryan Hansel\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/07 18:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/11/07 18:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/11/07 12:10:57 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2011/11/07 12:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/07 12:09:08 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/11/07 12:09:08 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/11/07 12:09:08 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/07 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/11/07 11:54:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bryan Hansel\Desktop\OTL.exe
[2011/11/06 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\Desktop\Canoe
[2011/11/06 11:07:37 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\Desktop\web
[2011/11/04 18:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/28 13:48:43 | 000,000,000 | ---D | C] -- C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/13 17:51:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/13 17:51:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/13 17:51:17 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/13 17:51:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/13 17:51:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/12 15:58:05 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 15:58:04 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 15:58:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 15:58:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 15:57:59 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 15:57:06 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 15:57:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/12/19 10:59:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Bryan Hansel\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 09:37:14 | 000,000,512 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\MBR.dat
[2011/11/08 09:35:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 09:27:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 09:27:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 09:20:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/08 09:04:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Bryan Hansel\Desktop\aswMBR.exe
[2011/11/08 09:04:05 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bryan Hansel\Desktop\tdsskiller(1).exe
[2011/11/08 09:03:16 | 004,286,253 | R--- | M] (Swearware) -- C:\Users\Bryan Hansel\Desktop\ComboFix.exe
[2011/11/08 08:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000UA.job
[2011/11/08 08:50:32 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 08:48:11 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bryan Hansel\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/08 07:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 17:24:35 | 000,268,154 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\screenshot.1.jpg
[2011/11/07 14:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000Core.job
[2011/11/07 13:37:38 | 000,614,930 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/07 13:37:38 | 000,113,462 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/07 13:30:28 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/11/07 12:08:55 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/11/07 12:08:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/11/07 12:08:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/07 12:08:54 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/11/07 11:55:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bryan Hansel\Desktop\OTL.exe
[2011/11/06 15:51:15 | 013,379,178 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\thedead-print.zip
[2011/11/06 09:46:40 | 000,640,936 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\simpleseo-freebie.pdf
[2011/11/03 23:05:08 | 000,004,858 | ---- | M] () -- C:\Windows\SETUP.LST
[2011/11/03 23:05:08 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.004
[2011/11/03 23:04:56 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.003
[2011/11/03 23:04:34 | 000,000,303 | ---- | M] () -- C:\Windows\ST6UNST.002
[2011/11/02 08:23:03 | 000,193,650 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\P6230381.JPG
[2011/11/02 08:23:00 | 000,230,623 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\P6230382.JPG
[2011/10/29 08:16:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/28 13:48:48 | 000,002,050 | ---- | M] () -- C:\Users\Bryan Hansel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/26 10:21:00 | 001,887,817 | ---- | M] () -- C:\Users\Bryan Hansel\stackedImage.jpg
[2011/10/26 07:57:44 | 038,811,235 | ---- | M] () -- C:\Users\Bryan Hansel\Desktop\28-OP-oct-2011.pdf
[2011/10/26 06:32:05 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/14 15:16:29 | 001,731,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/08 09:37:14 | 000,000,512 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\MBR.dat
[2011/11/08 09:06:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/08 09:06:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/08 09:06:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/08 09:06:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/08 09:06:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/08 08:50:32 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 17:24:35 | 000,268,154 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\screenshot.1.jpg
[2011/11/07 12:06:45 | 000,001,799 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/11/06 15:50:50 | 013,379,178 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\thedead-print.zip
[2011/11/06 09:46:40 | 000,640,936 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\simpleseo-freebie.pdf
[2011/11/03 23:05:07 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.004
[2011/11/03 23:04:55 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.003
[2011/11/03 23:04:34 | 000,000,303 | ---- | C] () -- C:\Windows\ST6UNST.002
[2011/11/02 08:23:03 | 000,193,650 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\P6230381.JPG
[2011/11/02 08:22:53 | 000,230,623 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\P6230382.JPG
[2011/10/28 13:48:48 | 000,002,050 | ---- | C] () -- C:\Users\Bryan Hansel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/28 13:47:26 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000UA.job
[2011/10/28 13:47:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000Core.job
[2011/10/26 10:20:57 | 001,887,817 | ---- | C] () -- C:\Users\Bryan Hansel\stackedImage.jpg
[2011/10/26 07:55:12 | 038,811,235 | ---- | C] () -- C:\Users\Bryan Hansel\Desktop\28-OP-oct-2011.pdf
[2011/08/17 10:20:45 | 000,000,222 | ---- | C] () -- C:\Windows\DC_Manager.ini
[2010/12/19 11:31:37 | 000,000,551 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\AutoGK.ini
[2010/12/19 10:59:02 | 000,007,887 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\pcouffin.cat
[2010/12/19 10:59:02 | 000,001,144 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\pcouffin.inf
[2010/11/11 15:28:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\MediaFolder
[2010/11/02 09:09:39 | 000,000,384 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\.backup.dm
[2010/10/27 16:55:34 | 000,098,304 | ---- | C] () -- C:\Windows\System32\LFC.exe
[2010/06/11 17:17:34 | 000,000,221 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/14 21:17:37 | 000,001,099 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\ShiftN.ini
[2010/03/07 19:52:26 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/03/07 19:51:32 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/03/07 19:51:32 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/03/07 19:51:32 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7440n.dat
[2010/03/07 19:48:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010/03/07 19:48:30 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010/03/07 19:47:54 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/03/07 19:47:51 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/03/07 19:45:59 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/09/24 08:15:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 08:15:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 10:51:24 | 001,440,054 | ---- | C] () -- C:\ProgramData\tmp_bmp.bmp
[2009/06/12 10:51:16 | 000,000,572 | ---- | C] () -- C:\ProgramData\MICRX.TNI
[2009/06/12 10:51:01 | 000,000,009 | ---- | C] () -- C:\ProgramData\pict_datax
[2009/06/12 10:51:01 | 000,000,008 | ---- | C] () -- C:\ProgramData\datax
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/09/29 19:16:45 | 000,000,680 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Local\d3d9caps.dat
[2008/08/19 02:02:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/18 12:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/06/05 17:19:47 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/04/14 17:23:53 | 000,000,016 | -H-- | C] () -- C:\Users\Bryan Hansel\AppData\Local\art.udk
[2008/04/14 17:22:33 | 000,000,017 | -H-- | C] () -- C:\Users\Bryan Hansel\AppData\Local\19720201.dat
[2008/04/14 17:22:30 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2008/04/09 17:56:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/05 17:07:54 | 000,000,144 | ---- | C] () -- C:\Windows\TOPO.INI
[2008/04/05 16:58:43 | 000,000,011 | ---- | C] () -- C:\Windows\Topo3.ini
[2008/04/05 16:57:52 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/04/05 16:36:24 | 000,000,041 | ---- | C] () -- C:\Windows\FindServ.INI
[2008/02/24 19:55:24 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008/02/19 22:53:53 | 004,230,520 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/04 14:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2008/01/10 19:31:04 | 000,000,287 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/03 16:12:53 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2007/09/26 19:27:10 | 000,192,512 | ---- | C] () -- C:\Windows\System32\srkey.exe
[2007/09/26 09:06:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\Synth Textures
[2007/09/26 07:42:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2007/08/24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/07/26 20:06:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/29 09:29:49 | 000,147,715 | ---- | C] () -- C:\Windows\System32\prntfix.exe
[2007/05/01 23:47:09 | 000,000,100 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Local\fusioncache.dat
[2007/04/23 20:53:56 | 000,880,640 | ---- | C] () -- C:\Windows\System32\pano12.dll
[2007/04/19 21:55:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/04/12 12:47:13 | 000,440,320 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2007/04/09 21:13:02 | 000,000,438 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/04/08 22:57:36 | 000,000,000 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\pssetup.cfg
[2007/04/05 14:13:24 | 000,000,000 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\System Image Utility
[2007/04/05 13:54:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2007/04/05 11:44:23 | 000,044,344 | ---- | C] () -- C:\Windows\System32\drivers\EyeOneDp.sys
[2007/04/05 11:37:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\MFSBaseLib2889.dll
[2007/04/05 11:37:59 | 000,061,440 | ---- | C] () -- C:\Windows\System32\MFSIFLib2889.dll
[2007/04/05 00:12:23 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007/04/04 20:50:18 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2007/04/04 20:46:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2007/04/04 20:46:26 | 000,000,000 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\NetServices
[2007/04/04 20:24:50 | 000,000,000 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\wklnhst.dat
[2007/04/04 19:14:00 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2007/04/04 17:19:21 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2007/04/04 16:58:55 | 000,029,239 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Roaming\UserTile.png
[2007/04/03 18:21:19 | 000,003,748 | ---- | C] () -- C:\Windows\mozver.dat
[2007/04/03 17:30:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/04/03 17:13:35 | 000,245,760 | ---- | C] () -- C:\Users\Bryan Hansel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/05 17:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/01/05 16:35:11 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/01/05 16:35:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/01/05 16:35:11 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/01/05 16:35:11 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/01/05 16:30:55 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2007/01/05 16:30:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/01/05 16:30:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2006/11/29 00:12:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/11/24 09:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 001,731,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,614,930 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,113,462 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2002/08/31 07:00:00 | 000,001,945 | -H-- | C] () -- C:\Windows\System32\msisl$.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData\Light Crafts:$ES_DESCRIPTOR_NBP2VBVKPVF9VPPP55N3EDT0ETX1JU0VSVLLV7J
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7EE134B6
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:54FC943C

< End of report >


------------------------------------------------------------------------

OTL Extras logfile created on: 11/8/2011 9:39:02 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bryan Hansel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.64% Memory free
4.21 Gb Paging File | 3.26 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.29 Gb Total Space | 340.99 Gb Free Space | 73.44% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 94.37 Gb Free Space | 20.26% Space Free | Partition Type: NTFS

Computer Name: BRH-PC | User Name: Bryan Hansel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BA49AF-0A3A-442D-9609-EC2ECF56A247}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C3C17D9-DF18-4525-8926-339919E413A9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{1F465EA7-D3F5-41AC-8F4F-7CBCBB42B0D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{37F6FAD1-A32C-4D3A-B875-F5CDB5C60790}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{45F42234-94DE-4CC6-9B18-96C95A330D69}" = lport=139 | protocol=6 | dir=in | app=system |
"{66BFF7DB-D548-4B62-BA73-FB0FC772DDD6}" = lport=445 | protocol=6 | dir=in | app=system |
"{6A4892BC-D1B1-49F4-9810-F90158EF6A13}" = lport=137 | protocol=17 | dir=in | app=system |
"{6FD00B33-4978-4FD6-863A-51E6DBF9A859}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{82AFF3DB-473F-4A32-B18E-FA64A7189749}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82CEB988-8140-4C41-8381-B66ACBF533E1}" = rport=137 | protocol=17 | dir=out | app=system |
"{91BB9506-1895-479D-BF9C-8826DDC6B8CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B133F300-3C53-4C6B-9451-B5BDF26310C6}" = rport=139 | protocol=6 | dir=out | app=system |
"{CC00444F-518B-44DC-9C42-80FE6546C604}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E826AB92-5601-4478-B537-4A7C96888D53}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{F667EE91-3544-4387-B115-2E0BA902C6C2}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0158FC0D-6961-42A4-9500-B8C5F4F1D60B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0ED626F6-CC78-4366-A9ED-DAE387865D2C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{13C66768-3B8D-4454-8AE9-06F14E168C12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{232D1EF3-D21C-49CF-9817-8B6CA15F543C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2DD61BAE-BCDD-4ED6-952D-ADB27F2FE3D4}" = protocol=58 | dir=in | [email protected],-28545 |
"{5C13F129-1962-4441-86C0-AF1B1065AE73}" = protocol=58 | dir=out | [email protected],-28546 |
"{8417A743-94E0-4D5D-AB73-95584DE99DCD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9C964D50-FE25-492F-97A4-81129D483549}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFC75BAA-1552-4D0A-87A4-34B01224ACB1}" = protocol=1 | dir=out | [email protected],-28544 |
"{B966B478-70DD-4AD2-83A9-C6C5824C7D80}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C2F65106-B6A6-46CB-82A4-B0B75C9D1C05}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{ED1B9E46-9EEA-4166-BFD5-49FAD704F36A}" = protocol=1 | dir=in | [email protected],-28543 |
"{F3EE5772-600D-464E-98DA-72DFDFA1051A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{2232BA16-B54B-4036-9045-9FE9442F88FB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{27BF4B79-5C30-424E-88EA-78DD82DE25FC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5AD263A0-EC6F-4B9F-8DC2-DE133F5FB037}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{64979CE6-FCD3-4C58-8D19-4F033EF351A3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{662B8CF5-7D3B-45D7-BE0D-BB84B30A331F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A4F92058-0F17-4381-8D96-47BD3D220BF9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B2A15E1B-F7A3-4BC5-9717-3313530E1E7D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B8B4A4E8-EC96-412C-8DB5-D036DFCF5110}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F3A404AF-A4A7-4DC9-99FB-5D7B0E7460BB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{25184565-1A01-47EB-B42E-7CD7FC243D4A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2768D93E-03A1-49DF-A1F4-95AE933E3BAC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{32BFC353-B541-49C0-AA5F-B95E2F143131}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3363E8B6-F5BA-4E2C-9F40-ED6640CAC2CD}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{449BE8A6-2323-4BEF-907D-4F2E31BC0CFF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{CDACB6D9-BF88-4448-85CA-09035219F0B0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{D026B262-6832-460A-9FC4-EF2759CCD87D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D20D200D-6377-4DAB-8A0E-C3F8DD273907}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{FB48814C-FB0C-483F-8C4A-0E05B484AB82}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{061B998D-DE1E-45F2-BD65-30A6D1C65ED2}" = DoubleCAD XT Pro 3
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12099AA8-C44F-4C7A-AA4D-089C933D118D}" = LUT Manager
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37306C0F-1248-4C2E-9B86-E964AAA81101}" = Minolta DiMAGE Scan Dual3 ver 1.0
"{3A202CE5-2F2C-484F-B43E-523943D68E68}" = Where Am I Dataset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CAE11AF-0B55-4568-BE23-74996C0C3591}" = Delftship
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F5CACCC-D440-5F31-8A43-B7931B5D50C9}" = The Photographer's Ephemeris
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61356085-6C51-4DC9-99E6-33ED72304690}" = OmmWriter
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4B0AA9-F97E-49C4-AE6F-D40580B65A22}" = onOne PerfectPresets
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E24CE8-F9D0-408F-A37C-5BF0716D3E91}" = DraftSight
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F9223F-F32C-4360-AC8F-2AE04DE443FC}_is1" = Rightload 2.0.1
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AFC02C27-473F-4EC5-9372-30771EFFB35F}" = VC80_CRT_x86
"{B0CD1368-BABE-4F31-86D6-8C1B1CD5DFE5}" = Instant JPEG From RAW
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C39487DF-42CD-428D-AC36-F59978A0A6B3}" = BSB Reader
"{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEAEEFA6-DEBC-4B16-8F04-84C81440CA32}" = Garmin Training Center 3.4.3
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5F4DEBD-284B-40F6-830F-D708E3C7F58E}" = Panorama Tools
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.20
"AbiWord2" = AbiWord 2.8.6
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Autopano Giga" = Autopano Giga
"AutopanoGiga2.5" = Kolor Autopano Giga 2.5
"avi.NET 3.2.0.0" = avi.NET 3.2.0.0
"AviSynth" = AviSynth 2.5
"BASICR" = Microsoft Office Basic 2007
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"ConvertAll" = ConvertAll
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dia" = Dia (remove only)
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"Eye-One Match_is1" = Eye-One Match 3.6.1
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla" = FileZilla (remove only)
"Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1" = The Photographer's Ephemeris
"Glary Utilities_is1" = Glary Utilities 2.13.0.689
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hugin" = Hugin 2010.4.0
"Illinois" = Illinois Map
"ImageMagick 6.4.9 Q16_is1" = ImageMagick 6.4.9-0 Q16 (2009-02-01)
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.48.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lightscreen" = Lightscreen
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"mti_in" = Indiana Topo Map
"mti_mi" = Michigan Topo Map
"mti_mn" = Minnesota Topo Map
"mti_oh" = Ohio Topo Map
"mti_wi" = Wisconsin Topo Map
"New York Topo" = New York Topo Map
"odf-converter-integrator" = odf-converter-integrator
"Panotour15" = Kolor Panotour 1.5
"PokerTH 0.8.3" = PokerTH
"PSPad editor_is1" = PSPad editor
"QCAD Professional" = QCAD Professional 2.2.2.0
"RocketDock_is1" = RocketDock 1.3.5
"Scribus 1.3.3.13" = Scribus 1.3.3.13
"Stellarium_is1" = Stellarium 0.11.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.12
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.11
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"XMind" = XMind

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"ROES.whcc" = ROES.whcc
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2011 3:52:38 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 3:52:38 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 3:54:51 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 4:37:45 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 4:37:45 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 4:38:04 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 4:44:47 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 4:45:30 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 4:47:18 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/4/2011 4:47:21 AM | Computer Name = BRH-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 6/9/2009 9:54:46 AM | Computer Name = BRH-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/30/2009 7:27:58 PM | Computer Name = BRH-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 1:55:20 PM | Computer Name = BRH-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/7/2011 11:52:41 AM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/7/2011 12:22:45 PM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/7/2011 1:08:19 PM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/7/2011 1:37:49 PM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/7/2011 3:29:54 PM | Computer Name = BRH-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:25:47 PM on 11/7/2011 was unexpected.

Error - 11/7/2011 3:30:47 PM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/8/2011 11:08:33 AM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/8/2011 11:08:36 AM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/8/2011 11:14:37 AM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/8/2011 11:21:00 AM | Computer Name = BRH-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >

#4
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
aswMBR is from Avast and, as an option, you can download and scan with their anti-virus engine. It's actually a rather good scan but can take a while, especially if you change the a-v scan to do C:\.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\Tasks\GlaryInitialize.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000UA.job

Driver::
MpKsl274e9c40
MpKsla45ee12a
MpKslb18dd246
MpKslc82c6417
MpKslfc05283c
gupdate1c94422f3136080
73058414
93104158
MpKslcc2799d3

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Ron

#5
brhans

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks, Ron. Here's the new log.

ComboFix 11-11-08.02 - Bryan Hansel 11/08/2011 11:37:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.927 [GMT -6:00]
Running from: c:\users\Bryan Hansel\Desktop\ComboFix.exe
Command switches used :: c:\users\Bryan Hansel\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GlaryInitialize.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GlaryInitialize.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257526764-2910778689-1797758683-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_73058414
-------\Legacy_93104158
-------\Legacy_MPKSL274E9C40
-------\Legacy_MPKSLA45EE12A
-------\Legacy_MPKSLB18DD246
-------\Legacy_MPKSLC82C6417
-------\Legacy_MPKSLCC2799D3
-------\Legacy_MPKSLFC05283C
-------\Service_73058414
-------\Service_93104158
-------\Service_gupdate1c94422f3136080
-------\Service_MpKsl274e9c40
-------\Service_MpKsla45ee12a
-------\Service_MpKslb18dd246
-------\Service_MpKslc82c6417
-------\Service_MpKslcc2799d3
-------\Service_MpKslfc05283c
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 17:51 . 2011-11-08 17:51 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58FECD92-0D98-49BC-A79C-034455DEA04B}\offreg.dll
2011-11-08 17:47 . 2011-11-08 17:51 -------- d-----w- c:\users\Bryan Hansel\AppData\Local\temp
2011-11-08 17:47 . 2011-11-08 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-08 15:54 . 2011-11-08 15:54 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58FECD92-0D98-49BC-A79C-034455DEA04B}\MpKsl7f9ed335.sys
2011-11-08 15:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58FECD92-0D98-49BC-A79C-034455DEA04B}\mpengine.dll
2011-11-08 14:50 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 14:50 . 2011-11-08 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 00:11 . 2011-11-08 00:11 -------- d-----w- c:\program files\7-Zip
2011-11-07 18:10 . 2011-11-07 18:41 -------- d-----w- c:\windows\Standalone System Sweeper
2011-11-07 18:09 . 2011-11-07 18:09 -------- d-----w- c:\program files\Common Files\Java
2011-11-07 18:06 . 2011-11-07 18:06 -------- d-----w- c:\program files\FileHippo.com
2011-11-05 00:05 . 2011-11-05 00:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-18 23:15 . 2011-10-18 23:14 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DD79B7C-D8B0-4659-BCD3-E23D8D4EF807}\gapaengine.dll
2011-10-12 21:58 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:58 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 21:58 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:58 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 21:57 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:57 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 21:57 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 21:57 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 21:57 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 21:57 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 18:08 . 2010-06-06 12:47 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-26 12:32 . 2011-06-03 01:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2011-06-18 23:20 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-17 15:02 . 2011-08-17 15:02 6656 ----a-w- c:\windows\system32\Ry4CoInst.dll
2011-08-17 15:02 . 2011-08-17 15:02 26976 ----a-w- c:\windows\system32\drivers\Rockey4.sys
2011-08-17 15:02 . 2011-08-17 15:02 20648 ----a-w- c:\windows\system32\drivers\Rockey4USB.sys
2011-10-01 22:39 . 2011-03-22 19:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Lightscreen"="c:\program files\Lightscreen\lightscreen.exe" [2010-03-17 563200]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-29 1938728]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
c:\users\Bryan Hansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2007-4-5 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 19:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NDSTray.exe"=NDSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 eyeonedp;eye-one display;c:\windows\system32\DRIVERS\eyeonedp.sys [2004-05-07 44344]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-11 133104]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl7f9ed335;MpKsl7f9ed335;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58FECD92-0D98-49BC-A79C-034455DEA04B}\MpKsl7f9ed335.sys [2011-11-08 28752]
S2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2006-05-11 14416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Bryan Hansel\AppData\Roaming\Mozilla\Firefox\Profiles\nyjrcej3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=esSjnZf3&q=
FF - user.js: keyword.URL - hxxp://www.sitfy.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=esSjnZf3&q=
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(428)
c:\users\Bryan Hansel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-08 11:59:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-08 17:59
.
Pre-Run: 366,002,384,896 bytes free
Post-Run: 365,511,622,656 bytes free
.
- - End Of File - - 1503478C274197F48F325CD5063D932C
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Download and Save the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
Run the McAfee uninstall tool, then reboot.

Uninstall Java™ 6 Update 26

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Are you still seeing signs of an infection?

Ron
  • 0
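The VEW.exe steps in the post above (last 20 Error and Warning events from System, then Application) can be reproduced with PowerShell's built-in Get-WinEvent. This is an added example, not part of Ron's post or the VEW tool; it assumes an elevated PowerShell prompt and prints in roughly the layout of the VEW report so the result can be pasted into a reply the same way.

```powershell
# Added example (not from the thread): last 20 Error/Warning events per log,
# the same query the VEW.exe steps above perform. Run as Administrator.
param(
    [string[]]$LogNames = @('System', 'Application'),
    [int]$MaxEvents = 20
)

# Event log schema: Level 2 = Error, Level 3 = Warning.
$levelNames = @{ 2 = 'Error'; 3 = 'Warning' }

foreach ($log in $LogNames) {
    foreach ($level in 2, 3) {
        Write-Output ('~' * 34)
        Write-Output ("'{0}' Log - {1} Type" -f $log, $levelNames[$level])
        Write-Output ('~' * 34)

        # -FilterHashtable filters on the service side instead of pulling the whole log;
        # SilentlyContinue hides the "No events were found" error for an empty result.
        $events = Get-WinEvent -FilterHashtable @{ LogName = $log; Level = $level } `
                               -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

        foreach ($e in $events) {
            Write-Output ("Log: '{0}' Date/Time: {1}" -f $log, $e.TimeCreated)
            Write-Output ("Type: {0} Category: {1}" -f $levelNames[$level], $e.Task)
            Write-Output ("Event: {0} Source: {1}" -f $e.Id, $e.ProviderName)
            # Message is null when the provider's message DLL is gone (common after an uninstall).
            if ($e.Message) { Write-Output ($e.Message.Split("`n")[0].Trim()) }
            Write-Output ''
        }
    }
}

# Triage aid: which sources produce the most System errors, e.g. a driver that
# fails on every boot the way Tosrfcom does in the report above.
Write-Output 'Top System error sources (last 200 errors):'
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Group-Object ProviderName | Sort-Object Count -Descending |
    Select-Object -First 5 Count, Name | Format-Table -AutoSize
```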

#7
brhans

brhans

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay, I've done the steps. I haven't seen any more signs of an infection, but I haven't been using this computer except to do the things that you've asked and a little browsing.

After I ran "sigverif" I got a bunch, but nothing from recently. The most recent one was over a year ago.

For system:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/11/2011 3:43:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/11/2011 9:17:43 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Tosrfcom

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/11/2011 9:15:27 PM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 08/11/2011 9:14:37 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


For Application:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/11/2011 3:46:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks,
Bryan

Edited by brhans, 08 November 2011 - 04:00 PM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
The only error is something from your Bluetooth driver.

The following boot-start or system-start driver(s) failed to load: Tosrfcom



If you use Bluetooth then you probably need a new driver. (If you don't use it then you can just turn off the Tosrfcom Bluetooth driver. Right click on Computer and select Manage (Continue) then Device Manager. There should be one with a yellow or red mark. Right click on it and select Disable.) There should be one available on the Toshiba website. http://www.toshiba.com/tai/support.jsp Look under Consumer Products and choose your PC then your operating system.

Otherwise it looks clean so I think we can clean up:


We need to clean up System Restore:

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use LimeWire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
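A quick way to confirm that the clean-up settings in the post above actually took (hidden files hidden again, protected OS files hidden, JavaScript disabled in Adobe Reader/Acrobat) is to read the per-user registry values behind those dialogs. This is an added example, not from Ron's post, OTL or Adobe; it assumes the standard Explorer "Advanced" values and Adobe's JSPrefs\bEnableJS value, and it only reports, changing nothing.

```powershell
# Added example (not from the thread): audit the settings post #8 asks for. Report only.
# Assumes the standard Explorer Advanced values and Adobe's JSPrefs\bEnableJS value.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name } else { return $null }
}

function New-Finding {
    param([string]$Setting, $Current, $Expected)
    # New-Object keeps this working on the PowerShell 2.0 that shipped for Vista.
    New-Object PSObject -Property @{
        Setting  = $Setting
        Current  = $Current
        Expected = $Expected
        OK       = ($Current -eq $Expected)   # $null never equals 0, so "missing" reads as not OK
    }
}

$findings = @()
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Hidden: 1 = show hidden files and folders, 2 = do not show (the state the fix restores).
$findings += New-Finding 'Show hidden files and folders (Hidden)' (Get-RegValue $explorer 'Hidden') 2

# ShowSuperHidden: 1 = protected OS files visible, 0 = hidden (expected after the fix).
$findings += New-Finding 'Show protected OS files (ShowSuperHidden)' (Get-RegValue $explorer 'ShowSuperHidden') 0

# Adobe Reader / Acrobat store "Enable Acrobat JavaScript" in JSPrefs\bEnableJS (0 = off).
# Enumerate every installed version rather than hard-coding the 10.0 seen in the ComboFix log.
foreach ($product in 'Acrobat Reader', 'Adobe Acrobat') {
    $base = "HKCU:\Software\Adobe\$product"
    if (-not (Test-Path $base)) { continue }
    foreach ($ver in Get-ChildItem $base) {
        $js = Get-RegValue "$($ver.PSPath)\JSPrefs" 'bEnableJS'
        # A missing value means Adobe's default (enabled), so it is reported as not OK.
        $findings += New-Finding "$product $($ver.PSChildName) JavaScript (bEnableJS)" $js 0
    }
}

$findings | Select-Object Setting, Current, Expected, OK | Format-Table -AutoSize
```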

#9
brhans

brhans

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks, Ron. All steps completed.

One last question: I have an external hard drive. Do I need to do anything to it before I reconnect it?

Thanks,
Bryan
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
I don't see an indication that it is infected but just to be safe I would run a scan with your anti-virus right after you hook it up.

Ron
  • 0

#11
brhans

brhans

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks, Ron!
  • 0





