Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hitman Pro 3.5....Can't Boot. Please HELP!

Started by JeffreyRyan , Nov 21 2011 03:14 AM

This topic is locked

#1
JeffreyRyan

Posted 21 November 2011 - 03:14 AM

Member

Member
10 posts

I recently ran hitman pro 3.5 for the first time without actually researching the possible repercussions (like a moron). I simply ran it and selected "fix all." upon doing so, i did a reboot and my system will now get to the windows loading bar then reset. Upon restart it will typically go to the windows recovery screen, but I am unable to start normally yet occasionally the systems check will run. I am unable to boot in safe mode and have been unable to do "f12"->repair system. I've read a ton of others' posts, but it appears as if each circumstance is different. Sorry for the redundancy, but this is killing me. I'm normally proficient with fixing my random problems, but this one has got me beat, so I figured it'd be best to turn it over to the pros:) any help would be GREATLY appreciated.

More Info:
Dell xps M1330 (vista)
I do not have any original install disc as I don't even recall it coming with one.

Please Help!!!!

And THANK YOU!

#2
azarl

Posted 21 November 2011 - 09:10 AM

GeekU Admin

Community Leader
25,310 posts

You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save to your USB drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save to your USB drive.

Plug the flashdrive into the infected PC.

Booting your PC to Command Promp

Restart your PC, press and hold the F8 key as it restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter.
Select a keyboard layout, and then click Next.
On the System Recovery Options menu, click on Command Prompt

Running FRST

In the command window type in "notepad" and press theEnter key.The notepad should open.
Under File menu select "Open".
Select "Computer" and locate your flash drive. Make a note of the drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64.exe) and press Enter
Note: Replace letter e with the drive letter of your flash drive (from step 3 above).
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.

It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

#3
JeffreyRyan

Posted 21 November 2011 - 01:27 PM

Member

Topic Starter
Member
10 posts

Thank you so much for your help! I wanted to update this that i was able to resolve the issue last night. i finally managed for force my computer to boot from a cd. i ran a diagnostic and it responded with an error code of 2000-1046. everything i read online seemed to indicate that it was hardware issue. I ran the AVG rescue disk; although unable to update the virus database, i was able to run the scan. After a few hours of scanning it found a trojan in "c:windows/assembly...../800000032" (something like that) along with a possibly corrupted file in a security folder (perhaps this is the reason i'm unable to run the vista firewall? i could def use help fixing that). after renaming the infected files, i was able to boot from the vista recovery disk. initially i was unable to run restore, however i did a disk repair and then rebooted from the recovery disk and was then able to run a successful restore. after restore i was unable to go into windows and deleted the renamed, infected files. i'm not sure if the restore completely removed them or if their hidden. This entire problem started with me using hitman pro 3.5 to remove the google redirect issue. word of advice to those considering using it...DO NOT. Is there anyway i can run a variety of scans that i can post for analysis to make sure i have a clean system and help increase it's speed and efficiency (i've noticed some slowness). if so, which scan logs should i post? also, i'm still having the issue of being unable to manually turn on the windows firewall. i'm not sure i've actually fixed the issue or have just worked around it...i def don't want that issue resurfacing so a scan is probably crucial? Thank you again for your quick assistance!

Edited by JeffreyRyan, 21 November 2011 - 01:42 PM.

#4
azarl

Posted 21 November 2011 - 01:35 PM

GeekU Admin

Community Leader
25,310 posts

OK, let's see if we can help you

»Firstly... «

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

»Next... «

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
If it asks you whether to download Avast click "No"
Posted Image

Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log...

Posted Image

... save it to your desktop and post in your next reply

#5
JeffreyRyan

Posted 21 November 2011 - 03:44 PM

Member

Topic Starter
Member
10 posts

OTL:

OTL logfile created on: 11/21/2011 3:14:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeffrey\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.26% Memory free
8.15 Gb Paging File | 6.69 Gb Available in Paging File | 82.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 36.35 Gb Free Space | 12.73% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.81 Gb Free Space | 48.13% Space Free | Partition Type: NTFS
Drive E: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AUGUSTUS | User Name: Jeffrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 14:59:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffrey\Downloads\OTL.exe
PRC - [2011/10/19 20:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/15 16:42:18 | 000,499,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
PRC - [2008/05/05 06:30:28 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2008/01/09 04:43:58 | 000,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/19 20:27:55 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/08 08:25:49 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/05/19 00:26:30 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/05/18 23:46:40 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/05/18 23:46:36 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/06 12:00:38 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/20 20:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 20:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/09 04:45:36 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/09 04:45:28 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/09 04:43:58 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/01/09 04:43:58 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/01/09 04:43:58 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/01/09 04:43:58 | 000,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/09 04:42:12 | 000,267,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/07/06 16:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files (x86)\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/21 17:33:21 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/06/11 17:34:34 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/06 12:01:32 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2008/05/19 00:26:04 | 001,198,072 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/05/18 23:46:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/05/06 22:51:50 | 000,125,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/05/06 22:51:32 | 007,172,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/05/06 04:34:34 | 000,537,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/05 23:35:46 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/05 06:34:04 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/05/05 06:34:04 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/05 06:34:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/05/05 06:30:32 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/05/05 06:30:26 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2008/02/28 13:37:42 | 000,046,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2008/01/20 20:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 20:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 20:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2008/01/09 04:43:04 | 000,271,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2008/01/09 04:43:00 | 000,041,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)
DRV:64bit: - [2008/01/09 04:43:00 | 000,041,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIM)
DRV:64bit: - [2008/01/09 04:42:54 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2008/01/09 04:42:52 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/01/09 04:42:52 | 000,439,344 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2007/12/06 17:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/09/10 15:50:02 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2008/06/22 00:00:00 | 001,430,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080622.003\EX64.SYS -- (NAVEX15)
DRV - [2008/06/22 00:00:00 | 000,138,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080622.003\ENG64.SYS -- (NAVENG)
DRV - [2008/01/09 04:39:00 | 000,251,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20070823.002\IDSviA64.sys -- (IDSvia64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {881B6AF5-8202-40D5-B4CA-80FF7486E001}:1.9.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/16 14:50:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/19 20:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/16 17:35:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{881B6AF5-8202-40D5-B4CA-80FF7486E001}: C:\Users\Jeffrey\AppData\Local\{881B6AF5-8202-40D5-B4CA-80FF7486E001} [2010/06/19 16:01:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/16 14:50:07 | 000,000,000 | ---D | M]

[2008/11/16 19:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Extensions
[2011/11/21 05:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions
[2009/09/02 16:22:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/16 11:14:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(59)
[2009/05/09 22:13:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\[email protected]
[2009/04/01 07:27:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\[email protected]
[2011/10/25 09:08:55 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\[email protected]
[2011/10/03 11:25:00 | 000,002,410 | ---- | M] () -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\searchplugins\s-amazon.xml
[2011/10/16 17:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/24 15:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/19 20:27:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/01/23 00:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011/07/24 15:08:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/19 20:27:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/05 01:12:08 | 000,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.6.26.dll File not found
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SymLnch] "C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Support\SymLnch\SymLnch.exe" "C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" "/X" File not found
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax",DllRegisterServer File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DMFSource.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DMFSource.ax",DllRegisterServer File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm File not found
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm File not found
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm File not found
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm File not found
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm File not found
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm File not found
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{793145EC-2465-41E0-BA19-2738A2725A08}: DhcpNameServer = 192.168.7.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Jeffrey\Pictures\My Pictures\MT.JPG
O24 - Desktop BackupWallPaper: C:\Users\Jeffrey\Pictures\My Pictures\MT.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{aaac0943-b42d-11dd-b78d-00219bd4ea59}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 14:34:58 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\AVG
[2011/11/21 14:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/20 23:34:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/20 23:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/20 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/20 23:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/20 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/20 02:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\5B84A
[2011/11/20 02:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011/11/20 01:48:20 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Iyy1inH7d
[2011/11/20 01:47:41 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\5B84A
[2011/11/20 01:46:54 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\5275B
[2011/11/20 01:46:42 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\HwVlOOBtyc1
[2011/11/20 01:46:41 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\JQQHHdK7fL9X
[2011/11/20 01:46:40 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\HffR9hTXqjUekrO
[2011/11/08 13:38:31 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\Spotify
[2011/11/08 13:38:22 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Spotify
[2011/11/01 21:15:19 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\ElevatedDiagnostics
[2011/11/01 21:12:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2011/10/31 10:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/10/31 10:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/10/31 10:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2011/10/31 10:52:51 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\NCH Software
[2011/10/25 17:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/10/25 17:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/25 17:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/25 12:38:04 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Documents\Gage
[2010/03/21 17:33:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jeffrey\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/21 15:16:30 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/21 15:16:30 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/21 15:16:30 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/21 15:12:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 15:10:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 15:09:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 15:09:56 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 15:09:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 05:04:39 | 004,854,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/20 03:08:49 | 000,000,732 | ---- | M] () -- C:\Users\Jeffrey\AppData\Local\d3d9caps64.dat
[2011/11/01 21:10:10 | 004,653,056 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/10/31 15:39:56 | 000,165,888 | ---- | M] () -- C:\Users\Jeffrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 17:14:19 | 000,001,045 | ---- | M] () -- C:\Users\Jeffrey\Desktop\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk

========== Files Created - No Company Name ==========

[2011/11/01 21:09:03 | 004,653,056 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/10/31 10:52:56 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/10/25 17:14:19 | 000,001,045 | ---- | C] () -- C:\Users\Jeffrey\Desktop\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk
[2011/10/25 17:12:55 | 000,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/10/25 17:09:36 | 000,001,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/10/25 17:08:59 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/10/25 17:06:47 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/10/25 17:06:34 | 000,001,390 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/10/25 17:05:36 | 000,000,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/09/22 19:43:46 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\{176A037F-FC79-42C3-B0AA-88B0A92A1D9D}
[2011/08/16 14:36:18 | 000,208,102 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/08/16 14:36:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011/07/16 07:21:40 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\{7F9A2165-39D3-4AF9-9237-90F9D145B7AB}
[2011/07/11 22:43:14 | 000,155,937 | ---- | C] () -- C:\Windows\hpwins12.dat
[2011/07/11 22:41:49 | 000,009,847 | ---- | C] () -- C:\Windows\hpwscr12.dat
[2011/07/11 22:41:49 | 000,000,981 | ---- | C] () -- C:\Windows\hpwmdl12.dat
[2011/06/26 16:46:36 | 000,000,220 | -HS- | C] () -- C:\Windows\dwin.sys
[2010/06/28 02:02:57 | 000,172,544 | ---- | C] () -- C:\Windows\Ckyqib.exe
[2010/06/28 01:41:56 | 000,172,544 | ---- | C] () -- C:\Windows\Ckyqia.exe
[2010/06/20 09:13:00 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\episuyeg.dll
[2010/06/20 09:12:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\upiboxagijobake.dll
[2010/06/20 08:55:45 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\exoreyes.dll
[2010/06/20 08:51:25 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uxetuguze.dll
[2010/06/20 08:48:00 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\etuqavefo.dll
[2010/06/20 08:44:41 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\egezocohofafah.dll
[2010/06/20 08:43:35 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\afohilofejinur.dll
[2010/06/20 08:29:09 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\onibicitaqunuhog.dll
[2010/06/20 08:28:19 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\obodukemuguxav.dll
[2010/06/20 08:27:10 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\atudukeqoda.dll
[2010/06/20 08:15:22 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uxalibugid.dll
[2010/06/20 08:14:40 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\itojowedi.dll
[2010/06/20 08:05:04 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\ufugubel.dll
[2010/06/20 08:00:44 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uvafanivagoxoyi.dll
[2010/06/20 07:56:54 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\azoqawepewa.dll
[2010/06/20 07:56:34 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\alegovitogolopu.dll
[2010/06/20 07:52:37 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\epihoxuq.dll
[2010/06/20 07:36:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\egobinag.dll
[2010/06/20 07:35:30 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\obanelanave.dll
[2010/06/20 07:34:28 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\emegivaj.dll
[2010/06/20 07:33:37 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\iqeyukejubetov.dll
[2010/06/20 07:32:27 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\otugijobake.dll
[2010/06/20 07:30:23 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\unewisucejal.dll
[2010/06/20 07:25:00 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\oniwawazulaxufo.dll
[2010/06/20 07:17:56 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\axuhifuci.dll
[2010/06/20 07:17:08 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\eyeqicox.dll
[2010/06/20 07:10:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\isiviyiyimevoco.dll
[2010/06/20 07:00:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\upotohun.dll
[2010/06/20 06:55:09 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\ilokicilucip.dll
[2010/06/20 06:49:40 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\itilolelolelo.dll
[2010/06/20 06:44:02 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\afuxisigihajile.dll
[2010/06/20 06:34:47 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\aharalosupu.dll
[2010/06/20 06:34:21 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\utinuzeh.dll
[2010/06/20 06:30:06 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uguwoniqivuxege.dll
[2010/06/20 06:29:04 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\iluvebax.dll
[2010/06/20 06:27:40 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\enakibofa.dll
[2010/06/20 06:26:01 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\oheyicub.dll
[2010/06/20 06:25:15 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\osozivanomozo.dll
[2010/06/20 06:14:02 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\axanurifucip.dll
[2010/06/20 06:04:54 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uqubebebaguwimu.dll
[2010/06/20 06:03:45 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\inufofoceqoz.dll
[2010/06/20 06:01:12 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\azalisuzogerut.dll
[2010/06/20 05:54:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\otifajahi.dll
[2010/06/20 04:36:55 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\aburidasibiduk.dll
[2010/06/19 18:02:34 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\enunahifureqij.dll
[2010/06/19 16:01:37 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\Igoweribeci.dat
[2010/06/19 16:01:37 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\Cwojoxiya.bin
[2010/04/10 12:49:49 | 000,010,738 | -HS- | C] () -- C:\Users\Jeffrey\AppData\Local\Xe8v
[2010/04/10 12:49:49 | 000,010,738 | -HS- | C] () -- C:\ProgramData\Xe8v
[2010/04/06 00:44:08 | 000,000,680 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\d3d9caps.dat
[2010/04/04 12:00:52 | 000,200,192 | -HS- | C] () -- C:\Users\Jeffrey\AppData\Local\2991590366.dll
[2010/04/04 11:46:06 | 000,010,990 | -HS- | C] () -- C:\Users\Jeffrey\AppData\Local\p7Fj0O6C
[2010/04/04 11:46:06 | 000,010,990 | -HS- | C] () -- C:\ProgramData\p7Fj0O6C
[2010/03/21 17:35:55 | 000,001,041 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\vso_ts_preview.xml
[2010/03/21 17:33:21 | 000,099,384 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\inst.exe
[2010/03/21 17:33:21 | 000,007,859 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\pcouffin.cat
[2010/03/21 17:33:21 | 000,001,167 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\pcouffin.inf
[2009/10/21 18:23:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/21 18:22:28 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/21 18:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/21 18:21:37 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/09/08 10:21:01 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2009/09/08 10:16:32 | 000,179,494 | ---- | C] () -- C:\Windows\hpwins14.dat
[2009/09/08 10:16:32 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2009/04/19 00:02:56 | 000,000,732 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\d3d9caps64.dat
[2009/01/03 13:53:49 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/03 13:53:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/26 16:12:08 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2008/11/16 19:42:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/16 17:10:25 | 000,165,888 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/06 14:23:50 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/08/06 14:23:50 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/08/06 14:23:50 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/08/06 11:43:03 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\xwreg.dll
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/11/20 02:01:01 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\5275B
[2011/11/20 01:47:41 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\5B84A
[2008/11/25 13:33:44 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\acccore
[2011/08/11 11:24:54 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Amazon
[2011/11/21 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\AVG
[2010/11/16 22:55:54 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Camfrog
[2009/06/24 17:54:09 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\CopyTrans
[2010/03/21 14:15:10 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\GHISLER
[2011/11/20 01:46:40 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\HffR9hTXqjUekrO
[2011/11/20 01:46:42 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\HwVlOOBtyc1
[2011/11/20 01:48:20 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Iyy1inH7d
[2011/11/20 02:08:31 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\JQQHHdK7fL9X
[2011/06/29 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\MPEG Streamclip
[2011/11/19 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Spotify
[2008/11/17 15:09:39 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\tmp
[2011/11/21 08:55:29 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\uTorrent
[2010/03/27 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Vso
[2009/06/24 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\WindSolutions
[2011/07/24 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\WSOP-USA.com
[2011/11/21 15:08:05 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#6
JeffreyRyan

Posted 21 November 2011 - 03:46 PM

Member

Topic Starter
Member
10 posts

EXTRAS.TXT:

OTL Extras logfile created on: 11/21/2011 3:14:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeffrey\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.26% Memory free
8.15 Gb Paging File | 6.69 Gb Available in Paging File | 82.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 36.35 Gb Free Space | 12.73% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.81 Gb Free Space | 48.13% Space Free | Partition Type: NTFS
Drive E: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AUGUSTUS | User Name: Jeffrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-80246485-3232007000-2986526422-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = B1 94 B1 08 86 53 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{55903FD6-5435-4721-BC8D-05107022FDFD}" = lport=7832 | protocol=17 | dir=in | name=bitcomet 7832 udp |
"{685512CE-C926-4A37-B3E1-49F1C59D552C}" = lport=7832 | protocol=6 | dir=in | name=bitcomet 7832 tcp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0309A41F-56EB-4D9C-BFF2-F1CCE59C91D4}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{23999A4F-D09C-4168-947B-26A467262405}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{29185715-8370-487F-B5C9-8A8E72E2E7BA}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{3DD08298-53F6-49E0-B03E-D8885A9192B3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{419EE44A-69E8-49FC-AA72-1FD5D355FD34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{443C4EE7-7052-4B6C-AF49-58E661AF3CAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5351EFAA-36A7-46D5-9453-550824BCAD7E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8FC8C194-DA8A-406D-8250-0114242B6E2B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9785E50B-FDC9-46A8-8FED-785270D1AFDA}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{AC9A4E12-C2BE-4761-810B-3D4B7D08CF8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF191091-E7B7-4200-9CFE-3289A09886E0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{CF67FA10-CD74-4AAA-8FAC-ADBB365C932B}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{F37770CF-E8F7-4E1C-8E24-EEF3A320D0E2}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{FA3D0709-7F81-4453-A43C-6A748405A1B0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{FF96DDD9-44F8-418C-8B9C-33226AA6E0F9}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{5D1B2025-C801-4F9C-BCA0-1459DD7FEC63}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{836B68E8-4BE6-4BFC-B727-0D8E3ECE71E4}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{09DDE1BB-E0A9-4DA1-9F36-B8698E6EE451}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{93D150CD-EEDD-4DBE-8431-1AC6D24A408E}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
"{399D00B8-46E3-4547-A0F5-75F58079F2CD}" = SymNet x64
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5563A0F6-CF81-451E-87AD-A50075BCA9B7}" = QuickSet
"{5A15F754-086E-4185-96F4-0BC31F1A2382}" = HP Officejet H470 Series
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64)
"{F303C668-7674-484A-8C04-579881C382F8}" = Norton Protection Center
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0BC4864E-72C5-472D-8692-0E5971E0BD36}" = BPDSoftware_Ini
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10829556-7C82-4a83-8C81-F2D98472C76B}" = H470
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6673E0F4-D376-431b-A6F4-18D1B86B4A89}" = BPDSoftware
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B349DE1-590D-4506-B272-9115EC31F7D2}" = 470_Help
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BA72A4E3-D2D0-4203-A17E-E53012B8807C}" = BPD_HPSU
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE5F0136-2C7C-42a7-B1B0-5F12D107A0EE}" = ProductContext
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AVI To MP4 Converter_is1" = AVI To MP4 Converter 1.0
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"nLite_is1" = nLite 1.4.9.1
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Switch" = Switch Sound File Converter
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR archiver
"WSOP-USA.com" = WSOP-USA.com
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-80246485-3232007000-2986526422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"CopyTrans Suite" = CopyTrans Suite Remove Only
"InstallShield_{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#7
JeffreyRyan

Posted 21 November 2011 - 03:48 PM

Member

Topic Starter
Member
10 posts

aswMBR.txt

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 15:41:19
-----------------------------
15:41:19.524 OS Version: Windows x64 6.0.6002 Service Pack 2
15:41:19.525 Number of processors: 2 586 0xF0D
15:41:19.526 ComputerName: AUGUSTUS UserName: Jeffrey
15:41:22.104 Initialize success
15:41:40.756 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:41:40.762 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:41:40.821 Disk 0 MBR read successfully
15:41:40.829 Disk 0 MBR scan
15:41:40.836 Disk 0 Windows VISTA default MBR code
15:41:40.847 Service scanning
15:41:43.304 Modules scanning
15:41:43.315 Disk 0 trace - called modules:
15:41:43.328 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
15:41:43.338 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006090790]
15:41:43.348 3 CLASSPNP.SYS[fffffa6000fcac33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80045e8050]
15:41:43.358 Scan finished successfully
15:42:15.969 Disk 0 MBR has been saved successfully to "C:\Users\Jeffrey\Desktop\Desktop\MBR.dat"
15:42:15.976 The log file has been saved successfully to "C:\Users\Jeffrey\Desktop\Desktop\aswMBR.txt"

#8
JeffreyRyan

Posted 21 November 2011 - 06:03 PM

Member

Topic Starter
Member
10 posts

i just installed avg and it came with avg pc tuner, so i ran that and it came back with 5000+ issues. after researching i decided to not fix any of the "issues," so hopefully these logs will help you analyze it.

#9
azarl

Posted 22 November 2011 - 05:30 AM

GeekU Admin

Community Leader
25,310 posts

i just installed avg and it came with avg pc tuner, so i ran that and it came back with 5000+ issues. after researching i decided to not fix any of the "issues," so hopefully these logs will help you analyze it.

If you have the AVG Anti Virus, you need to uninstall Panda and Norton - otherwise you'll get poor performance.

Download the Norton Removal Tool and run it

Next...

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2010/06/20 09:13:00 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\episuyeg.dll
[2010/06/20 09:12:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\upiboxagijobake.dll
[2010/06/20 08:55:45 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\exoreyes.dll
[2010/06/20 08:51:25 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uxetuguze.dll
[2010/06/20 08:48:00 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\etuqavefo.dll
[2010/06/20 08:44:41 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\egezocohofafah.dll
[2010/06/20 08:43:35 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\afohilofejinur.dll
[2010/06/20 08:29:09 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\onibicitaqunuhog.dll
[2010/06/20 08:28:19 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\obodukemuguxav.dll
[2010/06/20 08:27:10 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\atudukeqoda.dll
[2010/06/20 08:15:22 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uxalibugid.dll
[2010/06/20 08:14:40 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\itojowedi.dll
[2010/06/20 08:05:04 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\ufugubel.dll
[2010/06/20 08:00:44 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uvafanivagoxoyi.dll
[2010/06/20 07:56:54 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\azoqawepewa.dll
[2010/06/20 07:56:34 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\alegovitogolopu.dll
[2010/06/20 07:52:37 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\epihoxuq.dll
[2010/06/20 07:36:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\egobinag.dll
[2010/06/20 07:35:30 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\obanelanave.dll
[2010/06/20 07:34:28 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\emegivaj.dll
[2010/06/20 07:33:37 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\iqeyukejubetov.dll
[2010/06/20 07:32:27 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\otugijobake.dll
[2010/06/20 07:30:23 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\unewisucejal.dll
[2010/06/20 07:25:00 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\oniwawazulaxufo.dll
[2010/06/20 07:17:56 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\axuhifuci.dll
[2010/06/20 07:17:08 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\eyeqicox.dll
[2010/06/20 07:10:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\isiviyiyimevoco.dll
[2010/06/20 07:00:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\upotohun.dll
[2010/06/20 06:55:09 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\ilokicilucip.dll
[2010/06/20 06:49:40 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\itilolelolelo.dll
[2010/06/20 06:44:02 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\afuxisigihajile.dll
[2010/06/20 06:34:47 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\aharalosupu.dll
[2010/06/20 06:34:21 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\utinuzeh.dll
[2010/06/20 06:30:06 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uguwoniqivuxege.dll
[2010/06/20 06:29:04 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\iluvebax.dll
[2010/06/20 06:27:40 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\enakibofa.dll
[2010/06/20 06:26:01 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\oheyicub.dll
[2010/06/20 06:25:15 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\osozivanomozo.dll
[2010/06/20 06:14:02 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\axanurifucip.dll
[2010/06/20 06:04:54 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\uqubebebaguwimu.dll
[2010/06/20 06:03:45 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\inufofoceqoz.dll
[2010/06/20 06:01:12 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\azalisuzogerut.dll
[2010/06/20 05:54:43 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\otifajahi.dll
[2010/06/20 04:36:55 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\aburidasibiduk.dll
[2010/06/19 18:02:34 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\enunahifureqij.dll
[2010/06/19 16:01:37 | 000,002,523 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\Igoweribeci.dat
[2010/06/19 16:01:37 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\Cwojoxiya.bin
O33 - MountPoints2\{aaac0943-b42d-11dd-b78d-00219bd4ea59}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe

:Commands
[purity]
[emptytemp]

[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Finally...

ComboFix

Notes:
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
It must be saved to your desktop, do not run it
Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop
http://download.blee...Bs/ComboFix.exe

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

#10
JeffreyRyan

Posted 22 November 2011 - 11:25 AM

Member

Topic Starter
Member
10 posts

i'm having issues installing the norton removal tool. it extracts to 25% then shuts off. if i try to restart the install, it states that my system is already running symNRT, so i go into processes to close the process and restart and the cycle begins again.

#11
azarl

Posted 22 November 2011 - 12:42 PM

GeekU Admin

Community Leader
25,310 posts

i'm having issues installing the norton removal tool. it extracts to 25% then shuts off. if i try to restart the install, it states that my system is already running symNRT, so i go into processes to close the process and restart and the cycle begins again.

Might be damaged. Can you remove it through add/remove programs?

#12
JeffreyRyan

Posted 22 November 2011 - 12:53 PM

Member

Topic Starter
Member
10 posts

I reviewed my programs in control panel and didn't see any program or provider named "panda." here is my otl log...i'll run combofix now.

OTL logfile created on: 11/22/2011 12:22:56 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeffrey\Desktop\Desktop\Antivirus
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.43% Memory free
8.15 Gb Paging File | 6.35 Gb Available in Paging File | 77.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.50 Gb Total Space | 36.42 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.81 Gb Free Space | 48.13% Space Free | Partition Type: NTFS

Computer Name: AUGUSTUS | User Name: Jeffrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 14:59:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffrey\Desktop\Desktop\Antivirus\OTL.exe
PRC - [2011/10/19 20:27:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/15 16:42:18 | 000,499,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
PRC - [2008/05/05 06:30:28 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/19 20:27:55 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/05/19 00:26:30 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/05/18 23:46:40 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/05/18 23:46:36 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/20 20:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 20:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/07/06 16:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files (x86)\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:13:54 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/21 17:33:21 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/06/11 17:34:34 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/19 00:26:04 | 001,198,072 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/05/18 23:46:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/05/06 22:51:50 | 000,125,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/05/06 22:51:32 | 007,172,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/05/06 04:34:34 | 000,537,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/05 23:35:46 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/05 06:34:04 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/05/05 06:34:04 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/05 06:34:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/05/05 06:30:32 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/05/05 06:30:26 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2008/02/28 13:37:42 | 000,046,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2008/01/20 20:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 20:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 20:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/12/06 17:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/09/10 15:50:02 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {881B6AF5-8202-40D5-B4CA-80FF7486E001}:1.9.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/16 14:50:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/19 20:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/16 17:35:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{881B6AF5-8202-40D5-B4CA-80FF7486E001}: C:\Users\Jeffrey\AppData\Local\{881B6AF5-8202-40D5-B4CA-80FF7486E001} [2010/06/19 16:01:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/16 14:50:07 | 000,000,000 | ---D | M]

[2008/11/16 19:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Extensions
[2011/11/21 05:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions
[2009/09/02 16:22:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/16 11:14:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(59)
[2009/05/09 22:13:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\[email protected]
[2009/04/01 07:27:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\[email protected]
[2011/10/25 09:08:55 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\extensions\[email protected]
[2011/10/03 11:25:00 | 000,002,410 | ---- | M] () -- C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\searchplugins\s-amazon.xml
[2011/10/16 17:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/24 15:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/19 20:27:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/01/23 00:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011/07/24 15:08:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/19 20:27:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/05 01:12:08 | 000,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.6.26.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-80246485-3232007000-2986526422-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax",DllRegisterServer File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DMFSource.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DMFSource.ax",DllRegisterServer File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm File not found
O8:64bit: - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm File not found
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm File not found
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm File not found
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm File not found
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm File not found
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{793145EC-2465-41E0-BA19-2738A2725A08}: DhcpNameServer = 192.168.7.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Jeffrey\Pictures\My Pictures\MT.JPG
O24 - Desktop BackupWallPaper: C:\Users\Jeffrey\Pictures\My Pictures\MT.JPG
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 11:26:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/22 04:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/21 21:03:34 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\AVG2012
[2011/11/21 19:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/21 19:13:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/11/21 19:12:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/11/21 14:34:58 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\AVG
[2011/11/21 14:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/20 23:34:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/20 23:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/20 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/20 23:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/20 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/20 02:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\5B84A
[2011/11/20 02:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011/11/20 01:48:20 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Iyy1inH7d
[2011/11/20 01:47:41 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\5B84A
[2011/11/20 01:46:54 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\5275B
[2011/11/20 01:46:42 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\HwVlOOBtyc1
[2011/11/20 01:46:41 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\JQQHHdK7fL9X
[2011/11/20 01:46:40 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\HffR9hTXqjUekrO
[2011/11/08 13:38:31 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\Spotify
[2011/11/08 13:38:22 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Spotify
[2011/11/01 21:15:19 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\ElevatedDiagnostics
[2011/11/01 21:12:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2011/10/31 10:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/10/31 10:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/10/31 10:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2011/10/31 10:52:51 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\NCH Software
[2011/10/25 17:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/10/25 17:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/25 17:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/25 12:38:04 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Documents\Gage
[2010/03/21 17:33:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jeffrey\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/22 12:25:36 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/22 12:25:35 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/22 12:25:35 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/22 12:19:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 12:19:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 12:19:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/22 12:18:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 12:12:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/22 10:30:38 | 000,771,986 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2011/11/22 08:15:41 | 110,474,794 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/11/21 19:13:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/11/21 19:13:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/11/21 05:04:39 | 004,854,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/20 03:08:49 | 000,000,732 | ---- | M] () -- C:\Users\Jeffrey\AppData\Local\d3d9caps64.dat
[2011/11/01 21:10:10 | 004,653,056 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/10/31 15:39:56 | 000,165,888 | ---- | M] () -- C:\Users\Jeffrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 17:14:19 | 000,001,045 | ---- | M] () -- C:\Users\Jeffrey\Desktop\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk

========== Files Created - No Company Name ==========

[2011/11/22 10:29:23 | 000,771,986 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2011/11/22 08:15:41 | 110,474,794 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/11/21 19:13:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/11/21 19:13:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/11/01 21:09:03 | 004,653,056 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/10/31 10:52:56 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/10/25 17:14:19 | 000,001,045 | ---- | C] () -- C:\Users\Jeffrey\Desktop\Desktop\Adobe Photoshop CS5.1 (64 Bit).lnk
[2011/10/25 17:12:55 | 000,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/10/25 17:09:36 | 000,001,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/10/25 17:08:59 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/10/25 17:06:47 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/10/25 17:06:34 | 000,001,390 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/10/25 17:05:36 | 000,000,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/09/22 19:43:46 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\{176A037F-FC79-42C3-B0AA-88B0A92A1D9D}
[2011/08/16 14:36:18 | 000,208,102 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/08/16 14:36:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011/07/16 07:21:40 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\{7F9A2165-39D3-4AF9-9237-90F9D145B7AB}
[2011/07/11 22:43:14 | 000,155,937 | ---- | C] () -- C:\Windows\hpwins12.dat
[2011/07/11 22:41:49 | 000,009,847 | ---- | C] () -- C:\Windows\hpwscr12.dat
[2011/07/11 22:41:49 | 000,000,981 | ---- | C] () -- C:\Windows\hpwmdl12.dat
[2011/06/26 16:46:36 | 000,000,220 | -HS- | C] () -- C:\Windows\dwin.sys
[2010/06/28 02:02:57 | 000,172,544 | ---- | C] () -- C:\Windows\Ckyqib.exe
[2010/06/28 01:41:56 | 000,172,544 | ---- | C] () -- C:\Windows\Ckyqia.exe
[2010/04/10 12:49:49 | 000,010,738 | -HS- | C] () -- C:\Users\Jeffrey\AppData\Local\Xe8v
[2010/04/10 12:49:49 | 000,010,738 | -HS- | C] () -- C:\ProgramData\Xe8v
[2010/04/06 00:44:08 | 000,000,680 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\d3d9caps.dat
[2010/04/04 12:00:52 | 000,200,192 | -HS- | C] () -- C:\Users\Jeffrey\AppData\Local\2991590366.dll
[2010/04/04 11:46:06 | 000,010,990 | -HS- | C] () -- C:\Users\Jeffrey\AppData\Local\p7Fj0O6C
[2010/04/04 11:46:06 | 000,010,990 | -HS- | C] () -- C:\ProgramData\p7Fj0O6C
[2010/03/21 17:35:55 | 000,001,041 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\vso_ts_preview.xml
[2010/03/21 17:33:21 | 000,099,384 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\inst.exe
[2010/03/21 17:33:21 | 000,007,859 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\pcouffin.cat
[2010/03/21 17:33:21 | 000,001,167 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\pcouffin.inf
[2009/10/21 18:23:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/21 18:22:28 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/21 18:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/21 18:21:37 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/09/08 10:21:01 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2009/09/08 10:16:32 | 000,179,494 | ---- | C] () -- C:\Windows\hpwins14.dat
[2009/09/08 10:16:32 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2009/04/19 00:02:56 | 000,000,732 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\d3d9caps64.dat
[2009/01/03 13:53:49 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/03 13:53:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/26 16:12:08 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2008/11/16 19:42:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/16 17:10:25 | 000,165,888 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/06 14:23:50 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/08/06 14:23:50 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/08/06 14:23:50 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/08/06 11:43:03 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\xwreg.dll
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/11/20 02:01:01 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\5275B
[2011/11/20 01:47:41 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\5B84A
[2008/11/25 13:33:44 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\acccore
[2011/08/11 11:24:54 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Amazon
[2011/11/21 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\AVG
[2011/11/21 21:03:34 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\AVG2012
[2010/11/16 22:55:54 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Camfrog
[2009/06/24 17:54:09 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\CopyTrans
[2010/03/21 14:15:10 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\GHISLER
[2011/11/20 01:46:40 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\HffR9hTXqjUekrO
[2011/11/20 01:46:42 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\HwVlOOBtyc1
[2011/11/20 01:48:20 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Iyy1inH7d
[2011/11/20 02:08:31 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\JQQHHdK7fL9X
[2011/06/29 17:54:17 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\MPEG Streamclip
[2011/11/19 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Spotify
[2008/11/17 15:09:39 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\tmp
[2011/11/21 08:55:29 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\uTorrent
[2010/03/27 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\Vso
[2009/06/24 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\WindSolutions
[2011/07/24 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jeffrey\AppData\Roaming\WSOP-USA.com
[2011/11/22 12:17:12 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#13
JeffreyRyan

Posted 22 November 2011 - 12:58 PM

Member

Topic Starter
Member
10 posts

no, neither norton nor symantec show up in my add/remove programs. i did see "panda security" in my otl log, but i also don't see it in add/remove.

#14
JeffreyRyan

Posted 22 November 2011 - 02:30 PM

Member

Topic Starter
Member
10 posts

ComboFix 11-11-22.01 - Jeffrey 11/22/2011 13:22:52.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2520 [GMT -6:00]
Running from: c:\users\Jeffrey\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\4B65\517A.tmp
c:\program files (x86)\LP\4B65\96E1.tmp
c:\users\Jeffrey\AppData\Local\{881B6AF5-8202-40D5-B4CA-80FF7486E001}
c:\users\Jeffrey\AppData\Local\{881B6AF5-8202-40D5-B4CA-80FF7486E001}\chrome.manifest
c:\users\Jeffrey\AppData\Local\{881B6AF5-8202-40D5-B4CA-80FF7486E001}\chrome\content\_cfg.js
c:\users\Jeffrey\AppData\Local\{881B6AF5-8202-40D5-B4CA-80FF7486E001}\chrome\content\overlay.xul
c:\users\Jeffrey\AppData\Local\{881B6AF5-8202-40D5-B4CA-80FF7486E001}\install.rdf
c:\users\Jeffrey\AppData\Local\2991590366.dll
c:\users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 19:41 . 2011-11-22 20:19 -------- d-----w- c:\users\Jeffrey\AppData\Local\temp
2011-11-22 19:41 . 2011-11-22 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 17:26 . 2011-11-22 17:26 -------- d-----w- C:\_OTL
2011-11-21 21:30 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-21 21:30 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-21 21:30 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-21 21:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-21 20:34 . 2011-11-21 20:43 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\AVG
2011-11-21 05:34 . 2011-11-21 05:34 -------- d--h--w- c:\programdata\Common Files
2011-11-21 05:32 . 2011-11-22 19:11 -------- d-----w- c:\programdata\AVG2012
2011-11-21 05:29 . 2011-11-21 20:51 -------- d-----w- c:\program files (x86)\AVG
2011-11-21 05:20 . 2011-11-22 19:10 -------- d-----w- c:\programdata\MFAData
2011-11-21 05:16 . 2011-11-21 05:38 -------- d-----w- c:\programdata\Hitman Pro
2011-11-20 08:01 . 2011-11-20 08:08 -------- d-----w- c:\program files (x86)\5B84A
2011-11-20 07:48 . 2011-11-20 07:48 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Iyy1inH7d
2011-11-20 07:47 . 2011-11-20 07:47 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\5B84A
2011-11-20 07:46 . 2011-11-20 08:01 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\5275B
2011-11-20 07:46 . 2011-11-20 07:46 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\HwVlOOBtyc1
2011-11-20 07:46 . 2011-11-20 08:08 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\JQQHHdK7fL9X
2011-11-20 07:46 . 2011-11-20 07:46 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\HffR9hTXqjUekrO
2011-11-08 19:38 . 2011-11-19 22:01 -------- d-----w- c:\users\Jeffrey\AppData\Local\Spotify
2011-11-08 19:38 . 2011-11-19 22:01 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Spotify
2011-11-02 03:15 . 2011-11-02 03:15 -------- d-----w- c:\users\Jeffrey\AppData\Local\ElevatedDiagnostics
2011-10-31 16:53 . 2011-10-31 16:53 -------- d-----w- c:\programdata\NCH Software
2011-10-31 16:52 . 2011-10-31 16:52 -------- d-----w- c:\program files (x86)\NCH Software
2011-10-31 16:52 . 2011-10-31 16:56 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\NCH Software
2011-10-25 23:16 . 2011-11-19 00:19 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-10-25 23:09 . 2011-10-25 23:14 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-08 14:25 . 2011-07-26 18:39 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 13:56 . 2011-10-15 05:12 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 14:15 . 2011-10-15 05:12 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-02 13:39 . 2011-10-15 05:12 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2010-06-20 15:38 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:20 . 2011-10-15 05:11 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-15 05:11 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:19 . 2011-10-15 05:11 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:15 . 2011-10-15 05:11 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-15 05:11 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-25 16:14 . 2011-10-15 05:11 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-25 13:54 . 2011-10-15 05:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-15 05:11 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-05-05 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register c:\program files (x86)\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax"="c:\windows\system32\rundll32.exe" [2006-11-02 44544]
"B Register c:\program files (x86)\DivX\DivX Plus DirectShow Filters\DMFSource.ax"="c:\windows\system32\rundll32.exe" [2006-11-02 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate1ca00c49ce083f0;Google Update Service (gupdate1ca00c49ce083f0);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-09 133104]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-09 133104]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 AutoSyncService;Memeo AutoSync ;c:\program files (x86)\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-09 20:20]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-09 18:39]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-09 18:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 21:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 21:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-07 137240]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-07 202264]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-07 165400]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3725312]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF7791.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.7.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\nu61hwti.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SigmatelSysTrayApp - c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\uninstaller.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Jeffrey\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
.
**************************************************************************
.
Completion time: 2011-11-22 14:26:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-22 20:26
.
Pre-Run: 39,041,867,776 bytes free
Post-Run: 38,245,462,016 bytes free
.
- - End Of File - - 6D2C36203983505833D8797F25FD0DBB