Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer won't boot after trojan removal


  • Please log in to reply

#1
gregandmellina

gregandmellina

    Member

  • Member
  • PipPip
  • 16 posts
A few days ago I went to a site that downloaded a java applet that I couldn't stop. Since then McAfee has been reporting Artemis!67245A472E00, ZeroAccess.e and Exploit-CVE2010-0840. Also McAfee Real Time scanning is off and when I attempt to turn it on, it goes on for a few seconds and then back off again. I ran MalwareBytes and it showed Trojan.Agent and PUP.BitMiner which it was able to remove. I then ran Panda Cloud and it found some trojans and I had it delete them. After that my computer would not restart. I spent a few hours trying different things and finally found a restore point that worked. Unfortunately since I had to do a restore, I have no idea what the trojans were that it was trying to delete. I am still infected though I really don't know with what. I now ran OTL and here is the log:

OTL logfile created on: 11/23/2011 7:07:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\0
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.12% Memory free
16.00 Gb Paging File | 13.71 Gb Available in Paging File | 85.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.52 Gb Total Space | 857.69 Gb Free Space | 93.28% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 19:07:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\0\OTL.exe
PRC - [2011/11/08 18:39:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 04:19:14 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/09/22 11:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/08/26 16:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/03/10 17:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/16 01:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 01:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 01:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 12:17:26 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/08 18:39:37 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/02/03 10:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/17 21:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/11/23 19:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 19:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/10/11 04:19:14 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/09/22 11:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/12/14 18:41:05 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/14 18:33:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/26 16:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe -- (AMDFusionSVC)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/05 19:47:34 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/23 00:24:40 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/10/13 03:12:04 | 001,244,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/05/17 21:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 20:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 07:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/03 10:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/10/16 06:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 14:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 14:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/04/22 15:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "https://www.mypoints...&fctb.dns=1&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/23 19:53:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 12:44:32 | 000,000,000 | ---D | M]

[2010/12/21 13:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
[2011/11/23 19:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions
[2011/11/23 19:37:55 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/11/23 19:51:27 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2011/11/23 11:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/11/23 11:18:10 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/11/08 18:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\GREG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T69S2GXQ.DEFAULT\EXTENSIONS\{51EF49D2-624B-4194-8B97-1C468E9B0EFE}.XPI
() (No name found) -- C:\USERS\GREG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T69S2GXQ.DEFAULT\EXTENSIONS\[email protected]
[2011/11/08 18:39:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/16 18:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOpf.dll
[2011/10/01 20:45:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 18:39:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/18 09:13:10 | 000,440,701 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 15093 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101221184206.dll (McAfee, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files (x86)\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101221184206.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Update Service] C:\Program Files (x86)\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
O4 - HKCU..\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_S5E94.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///D:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///D:/activeX/aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.harris.c...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DEBC244-8724-440F-BE77-5279B092B3C3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 18:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/23 11:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/23 11:18:21 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\panda2_0dn
[2011/11/23 09:30:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/23 09:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/23 09:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2011/11/23 09:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/11/23 09:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/11/23 08:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/23 08:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/23 08:57:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/22 19:07:32 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/20 11:55:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{7D47EE25-4B40-4880-8706-024BE752033A}
[2011/11/20 11:55:13 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{CE4332C5-0FAF-4A7A-9223-862568BACDF6}
[2011/11/19 07:56:52 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{37C34F90-4072-41CA-BB04-B679E4B6A2DB}
[2011/11/19 07:56:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{B0A1DF8E-2040-484D-9CB0-35AC67670B1B}
[2011/11/18 10:44:03 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{EEF986A2-2E69-4FCC-A1F1-962746223D33}
[2011/11/18 10:43:52 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{80030086-D953-40F0-94DE-B93548C332DD}
[2011/11/18 09:36:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\mfccrtEnum
[2011/11/18 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Fish tank
[2011/11/17 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9DDBBB5B-00F3-4B15-9559-11CAA9D579BD}
[2011/11/17 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{012795D7-0B37-46A3-BAFB-DB59B5727007}
[2011/11/15 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{38105170-B6E3-499F-AA0F-05CB74A7E5C7}
[2011/11/15 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9CFF1459-3D09-46F9-B2F7-6EED7F7E9EDF}
[2011/11/14 08:40:05 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{02F36651-9683-47E6-B2FE-935E4D8DD174}
[2011/11/14 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{38B75557-8286-47FF-9459-F4AD0108BA4F}
[2011/11/14 07:32:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{EC0E122E-C37C-4FF2-8034-C9221223AB3C}
[2011/11/13 20:39:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{5AAABCC7-0E83-4AE6-946D-0EE68CD332AD}
[2011/11/13 08:38:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{AB5EC623-3BE0-42F5-9C6D-8B50E6C2A60F}
[2011/11/13 08:38:38 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{E29D3DD8-968E-47AB-A5ED-E40D1101D8C9}
[2011/11/11 21:42:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{39801B03-7771-4CE8-9606-F8A51AC1F6FB}
[2011/11/11 21:41:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BBECD75F-4F14-44E7-B7C3-BDAB61BB059B}
[2011/11/10 18:35:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{AFD01ECC-D588-4797-960E-1097F573D713}
[2011/11/10 18:35:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3A074437-EC8C-493F-81FA-2D0BCC64C567}
[2011/11/10 06:26:59 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{46470403-5B10-4D0E-9E86-B02FF36104E9}
[2011/11/10 06:26:47 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{A373D596-67CF-4373-9186-6CECE4B807AA}
[2011/11/09 11:50:12 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BF58EE7C-D0DF-4D50-90E6-D162AA7F0872}
[2011/11/09 11:50:00 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3F0F68A1-4930-4276-A5A2-F3118567AB2A}
[2011/11/08 21:23:51 | 000,000,000 | ---D | C] -- C:\Olivia
[2011/11/08 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{769478DE-F3D6-43AD-B9A6-4F6F3FB87EF2}
[2011/11/08 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{2128A5F5-0A24-4F47-9ABB-EECF71D550C4}
[2011/11/07 21:16:19 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{34BF9508-1CEF-431E-8BD8-84305DF72B09}
[2011/11/07 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{194EEF5E-06CB-4FFD-9FC8-1BE926E7D45B}
[2011/11/07 06:35:42 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3A8B536C-8C2E-4DE1-9F0B-7D241D981569}
[2011/11/07 06:35:30 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{49DC6BD8-FDF8-4D47-961C-43E68741C948}
[2011/11/06 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{84D1EE66-C40A-4D37-83BD-B07E3F2ED31E}
[2011/11/06 12:03:30 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1962FC13-92F4-45F6-BFE1-3CA1A81BAA84}
[2011/11/04 13:42:01 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3F379C02-2B11-49B3-B5E8-5EF9A6B3346F}
[2011/11/04 13:41:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{55F3B63B-B077-44F8-BC61-11F803F3D671}
[2011/11/04 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/04 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Adobe Mini Bridge CS5
[2011/11/03 19:09:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{16A4DEA9-C923-4465-846D-74ABF12AEF66}
[2011/11/03 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{E9C4BBFE-D8C3-4BB3-B736-DABB13098DA6}
[2011/11/03 06:23:20 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{D714B129-8AD2-4AC6-90E3-95CD2797E208}
[2011/11/03 06:23:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C6F816DA-A314-436F-934C-514083136129}
[2011/10/31 18:47:56 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C674F47E-F63A-434F-94DD-A90F781AB21E}
[2011/10/31 18:47:44 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1A4D3B09-01B3-4148-9579-A416A1893B5E}
[2011/10/31 18:45:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\JPEG
[2011/10/30 08:29:21 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C1985F22-BF6A-4286-87C4-7E1258316DE6}
[2011/10/30 08:29:10 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9CF3AE45-8062-4A92-B993-0AE5FD3C09D1}
[2011/10/29 07:37:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{8704711B-C349-4506-8DA6-A99AE8D1DEA7}
[2011/10/29 07:37:38 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{42132690-EA46-46BB-B164-5BF493F4104E}
[2011/10/28 19:37:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{67BD943C-1F95-439A-9750-64F3FFE7A2FB}
[2011/10/28 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1FE4E568-C90A-439B-84AB-4297400D13CF}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/23 19:06:30 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 19:06:30 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 19:04:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/23 19:01:57 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/23 19:01:57 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/23 19:01:57 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/23 18:57:33 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/11/23 18:57:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 18:57:09 | 2146,930,687 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 13:08:51 | 000,000,112 | ---- | M] () -- C:\ProgramData\7G86RqHD.dat
[2011/11/18 16:01:58 | 000,000,646 | ---- | M] () -- C:\Users\Greg\Desktop\Photos - Shortcut.lnk
[2011/11/18 09:13:10 | 000,440,701 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/16 12:40:23 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/12 07:42:40 | 000,109,449 | ---- | M] () -- C:\Users\Greg\Desktop\FreeNano.jpg
[2011/11/10 12:02:03 | 000,001,456 | ---- | M] () -- C:\Users\Greg\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/09 03:20:29 | 005,054,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 18:39:54 | 000,002,050 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/04 11:04:45 | 000,001,068 | ---- | M] () -- C:\Users\Greg\Desktop\Glary Utilities.lnk
[2011/11/04 08:07:09 | 000,440,158 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111118-091310.backup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 12:55:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\7G86RqHD.dat
[2011/11/18 16:01:58 | 000,000,646 | ---- | C] () -- C:\Users\Greg\Desktop\Photos - Shortcut.lnk
[2011/11/12 07:42:40 | 000,109,449 | ---- | C] () -- C:\Users\Greg\Desktop\FreeNano.jpg
[2011/10/18 15:50:33 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2011/10/16 10:42:21 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/08/14 17:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/08/14 16:30:14 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/14 16:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/14 16:30:14 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/14 16:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/14 16:30:14 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/14 16:30:14 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/14 16:30:14 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/14 16:30:14 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/14 16:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/14 16:30:14 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/14 16:30:14 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/14 16:30:14 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/14 16:30:14 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/14 16:30:14 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/14 16:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/14 16:30:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/14 16:25:32 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini
[2011/03/29 17:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2011/03/04 16:46:27 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/21 16:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011/02/19 08:38:31 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/15 05:11:48 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2011/01/15 16:30:39 | 000,001,456 | ---- | C] () -- C:\Users\Greg\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/21 15:39:14 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010/12/21 13:40:38 | 000,001,404 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2010/12/14 20:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/14 19:55:59 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/14 18:41:51 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/14 18:41:51 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/14 18:41:51 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/14 18:41:50 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/14 18:41:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/16 01:47:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/03/16 01:47:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2002/07/13 12:00:00 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\tsseShrd.dll

========== LOP Check ==========

[2011/08/26 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Alien Skin
[2011/03/09 05:08:03 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Amazon
[2011/01/27 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/18 09:11:29 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\EBookSys
[2011/11/23 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Epson
[2011/11/23 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\GlarySoft
[2011/01/09 20:42:38 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\HDRsoft
[2011/11/23 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Juniper Networks
[2011/08/14 16:40:06 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Leadertech
[2011/01/30 07:58:03 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Nik Software
[2010/12/22 10:08:00 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\PCDr
[2011/11/23 19:51:27 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Softland
[2011/11/04 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/18 19:28:27 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\uTorrent
[2010/12/31 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Windows Live Writer
[2010/12/30 17:14:54 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\WTouch
[2011/11/23 18:57:33 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/11/16 12:40:23 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/03 11:45:59 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/23 19:04:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:FA7CDE12
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0CFF5F08

< End of report >

Edited by gregandmellina, 23 November 2011 - 06:50 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
You still have the ZeroAccess rootkit.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
gregandmellina

gregandmellina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
OK Ron here you go! Thanks so much for helping.

Here is the combofix:

ComboFix 11-11-23.03 - Greg 11/24/2011 7:33.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6313 [GMT -5:00]
Running from: c:\users\Greg\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\54f0ebcf-5112-42c0-8cae-cced0fb36709.dll
c:\programdata\PCDr\5907\Downloads\b433d9f0-1aa4-4aa6-bef9-8d6b0cf0d4b1.dll
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 12:59 . 2011-11-24 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-23 16:54 . 2011-11-23 16:54 -------- d-----w- c:\program files (x86)\ESET
2011-11-23 16:18 . 2011-11-23 16:39 -------- d-----w- c:\users\Greg\AppData\Local\panda2_0dn
2011-11-23 14:30 . 2011-11-23 14:30 -------- d-----w- C:\$AVG
2011-11-23 14:17 . 2011-11-24 00:38 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-11-23 14:17 . 2011-11-24 00:37 -------- d-----w- c:\programdata\Panda Security URL Filtering
2011-11-23 14:16 . 2011-11-23 16:18 -------- d-----w- c:\program files (x86)\Panda Security
2011-11-23 14:16 . 2011-11-23 16:02 -------- d-----w- c:\programdata\Panda Security
2011-11-23 13:59 . 2011-11-23 16:05 -------- d-----w- c:\programdata\AVG2012
2011-11-23 13:59 . 2011-11-24 00:50 -------- d-----w- c:\program files (x86)\AVG
2011-11-23 13:57 . 2011-11-23 13:57 -------- d--h--w- c:\programdata\Common Files
2011-11-18 14:36 . 2011-11-18 22:22 -------- d-----w- c:\users\Greg\AppData\Local\mfccrtEnum
2011-11-14 12:32 . 2011-11-24 00:52 -------- d-----w- c:\windows\system32\Macromed
2011-11-09 02:23 . 2011-11-09 02:24 -------- d-----w- C:\Olivia
2011-11-08 23:00 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 23:00 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 23:00 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 23:00 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 18:27 . 2011-11-04 18:27 -------- d-----w- c:\users\Greg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-04 18:27 . 2011-11-04 18:27 -------- d-----w- c:\users\Greg\AppData\Roaming\Adobe Mini Bridge CS5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 17:17 . 2011-05-16 16:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 09:19 . 2011-04-14 21:52 589896 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2011-10-11 09:19 . 2011-04-14 21:52 421448 ----a-w- c:\windows\system32\dsNcCredProv.dll
2011-10-11 09:11 . 2011-10-11 09:11 344064 ----a-w- c:\windows\SysWow64\dsGinaLoaderX64.dll
2011-09-28 18:39 . 2011-10-18 20:50 4608 ----a-w- c:\windows\SysWow64\ColorEfexPro4FC64.dll
2011-09-28 18:39 . 2011-09-22 16:31 4608 ----a-w- c:\windows\system32\ColorEfexPro4FC64.dll
2011-09-22 16:30 . 2011-09-22 16:30 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2011-09-01 05:24 . 2011-10-12 07:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 07:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 07:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 07:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 21:00 . 2010-12-21 18:53 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 22:41 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-27 05:37 . 2011-10-12 02:29 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 02:29 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 02:29 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 02:29 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Service"="c:\progra~2\COMMON~1\TEKNUM~1\update.exe" [2010-12-21 19456]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1484856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-10-16 4577760]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 127784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-12-21 17:08]
.
2011-11-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-11-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"combofix"="c:\combofix\CF1709.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-11-24 08:34:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 13:34
.
Pre-Run: 924,488,650,752 bytes free
Post-Run: 924,324,962,304 bytes free
.
- - End Of File - - 0BD7BBFB0E974AF8119948C07B789A89


Here is the TDS Killer log:

08:40:22.0472 5344 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
08:40:23.0046 5344 ============================================================
08:40:23.0046 5344 Current date / time: 2011/11/24 08:40:23.0046
08:40:23.0046 5344 SystemInfo:
08:40:23.0046 5344
08:40:23.0046 5344 OS Version: 6.1.7601 ServicePack: 1.0
08:40:23.0046 5344 Product type: Workstation
08:40:23.0047 5344 ComputerName: GREG-PC
08:40:23.0047 5344 UserName: Greg
08:40:23.0047 5344 Windows directory: C:\Windows
08:40:23.0047 5344 System windows directory: C:\Windows
08:40:23.0047 5344 Running under WOW64
08:40:23.0047 5344 Processor architecture: Intel x64
08:40:23.0047 5344 Number of processors: 6
08:40:23.0047 5344 Page size: 0x1000
08:40:23.0047 5344 Boot type: Normal boot
08:40:23.0047 5344 ============================================================
08:40:24.0001 5344 Initialize success
08:40:37.0052 0136 ============================================================
08:40:37.0052 0136 Scan started
08:40:37.0052 0136 Mode: Manual;
08:40:37.0052 0136 ============================================================
08:40:37.0414 0136 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:40:37.0421 0136 1394ohci - ok
08:40:37.0443 0136 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:40:37.0447 0136 ACPI - ok
08:40:37.0474 0136 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:40:37.0476 0136 AcpiPmi - ok
08:40:37.0537 0136 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:40:37.0548 0136 adp94xx - ok
08:40:37.0570 0136 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:40:37.0574 0136 adpahci - ok
08:40:37.0594 0136 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:40:37.0599 0136 adpu320 - ok
08:40:37.0678 0136 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:40:37.0689 0136 AFD - ok
08:40:37.0712 0136 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:40:37.0713 0136 agp440 - ok
08:40:37.0743 0136 ahcix64s (af53917d9741a84627fa689ea622558a) C:\Windows\system32\DRIVERS\ahcix64s.sys
08:40:37.0749 0136 ahcix64s - ok
08:40:37.0776 0136 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:40:37.0778 0136 aliide - ok
08:40:37.0831 0136 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:40:37.0833 0136 amdide - ok
08:40:37.0855 0136 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:40:37.0856 0136 AmdK8 - ok
08:40:37.0977 0136 amdkmdag (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys
08:40:38.0082 0136 amdkmdag - ok
08:40:38.0098 0136 amdkmdap (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys
08:40:38.0099 0136 amdkmdap - ok
08:40:38.0116 0136 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
08:40:38.0117 0136 AmdLLD64 - ok
08:40:38.0130 0136 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:40:38.0132 0136 AmdPPM - ok
08:40:38.0152 0136 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
08:40:38.0154 0136 amdsata - ok
08:40:38.0178 0136 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:40:38.0179 0136 amdsbs - ok
08:40:38.0200 0136 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
08:40:38.0202 0136 amdxata - ok
08:40:38.0263 0136 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:40:38.0267 0136 AppID - ok
08:40:38.0329 0136 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:40:38.0333 0136 arc - ok
08:40:38.0353 0136 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:40:38.0355 0136 arcsas - ok
08:40:38.0399 0136 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:40:38.0401 0136 AsyncMac - ok
08:40:38.0433 0136 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:40:38.0434 0136 atapi - ok
08:40:38.0487 0136 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
08:40:38.0490 0136 AtiHdmiService - ok
08:40:38.0557 0136 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:40:38.0567 0136 b06bdrv - ok
08:40:38.0587 0136 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:40:38.0590 0136 b57nd60a - ok
08:40:38.0677 0136 BCMH43XX (23d68a29d1e12e593e99a7cf8f5f1b95) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
08:40:38.0695 0136 BCMH43XX - ok
08:40:38.0704 0136 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:40:38.0705 0136 Beep - ok
08:40:38.0756 0136 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:40:38.0757 0136 blbdrive - ok
08:40:38.0808 0136 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:40:38.0812 0136 bowser - ok
08:40:38.0827 0136 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:40:38.0828 0136 BrFiltLo - ok
08:40:38.0838 0136 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:40:38.0839 0136 BrFiltUp - ok
08:40:38.0850 0136 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:40:38.0854 0136 Brserid - ok
08:40:38.0867 0136 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:40:38.0869 0136 BrSerWdm - ok
08:40:38.0880 0136 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:40:38.0881 0136 BrUsbMdm - ok
08:40:38.0897 0136 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:40:38.0898 0136 BrUsbSer - ok
08:40:38.0916 0136 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:40:38.0919 0136 BTHMODEM - ok
08:40:39.0004 0136 catchme - ok
08:40:39.0073 0136 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:40:39.0077 0136 cdfs - ok
08:40:39.0130 0136 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:40:39.0134 0136 cdrom - ok
08:40:39.0332 0136 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
08:40:39.0335 0136 cfwids - ok
08:40:39.0364 0136 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:40:39.0365 0136 circlass - ok
08:40:39.0398 0136 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:40:39.0406 0136 CLFS - ok
08:40:39.0464 0136 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:40:39.0466 0136 CmBatt - ok
08:40:39.0501 0136 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:40:39.0503 0136 cmdide - ok
08:40:39.0548 0136 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
08:40:39.0557 0136 CNG - ok
08:40:39.0576 0136 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:40:39.0577 0136 Compbatt - ok
08:40:39.0595 0136 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:40:39.0598 0136 CompositeBus - ok
08:40:39.0645 0136 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:40:39.0646 0136 crcdisk - ok
08:40:39.0689 0136 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:40:39.0693 0136 DfsC - ok
08:40:39.0719 0136 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:40:39.0720 0136 discache - ok
08:40:39.0729 0136 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:40:39.0730 0136 Disk - ok
08:40:39.0800 0136 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:40:39.0801 0136 drmkaud - ok
08:40:39.0838 0136 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
08:40:39.0840 0136 dsNcAdpt - ok
08:40:39.0913 0136 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:40:39.0926 0136 DXGKrnl - ok
08:40:39.0998 0136 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:40:40.0042 0136 ebdrv - ok
08:40:40.0068 0136 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:40:40.0072 0136 elxstor - ok
08:40:40.0090 0136 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:40:40.0091 0136 ErrDev - ok
08:40:40.0112 0136 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:40:40.0114 0136 exfat - ok
08:40:40.0132 0136 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:40:40.0134 0136 fastfat - ok
08:40:40.0161 0136 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:40:40.0164 0136 fdc - ok
08:40:40.0182 0136 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:40:40.0183 0136 FileInfo - ok
08:40:40.0195 0136 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:40:40.0196 0136 Filetrace - ok
08:40:40.0239 0136 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:40:40.0242 0136 flpydisk - ok
08:40:40.0280 0136 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:40:40.0287 0136 FltMgr - ok
08:40:40.0315 0136 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:40:40.0316 0136 FsDepends - ok
08:40:40.0331 0136 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:40:40.0332 0136 Fs_Rec - ok
08:40:40.0394 0136 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:40:40.0399 0136 fvevol - ok
08:40:40.0418 0136 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:40:40.0420 0136 gagp30kx - ok
08:40:40.0477 0136 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:40:40.0479 0136 hcw85cir - ok
08:40:40.0498 0136 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:40:40.0502 0136 HDAudBus - ok
08:40:40.0521 0136 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:40:40.0524 0136 HidBatt - ok
08:40:40.0540 0136 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:40:40.0542 0136 HidBth - ok
08:40:40.0557 0136 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:40:40.0560 0136 HidIr - ok
08:40:40.0612 0136 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:40:40.0613 0136 HidUsb - ok
08:40:40.0644 0136 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:40:40.0646 0136 HpSAMD - ok
08:40:40.0695 0136 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:40:40.0706 0136 HTTP - ok
08:40:40.0734 0136 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:40:40.0734 0136 hwpolicy - ok
08:40:40.0781 0136 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:40:40.0785 0136 i8042prt - ok
08:40:40.0830 0136 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:40:40.0840 0136 iaStorV - ok
08:40:40.0877 0136 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:40:40.0878 0136 iirsp - ok
08:40:40.0976 0136 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
08:40:40.0984 0136 IntcAzAudAddService - ok
08:40:41.0004 0136 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:40:41.0005 0136 intelide - ok
08:40:41.0044 0136 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:40:41.0047 0136 intelppm - ok
08:40:41.0084 0136 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:40:41.0086 0136 IpFilterDriver - ok
08:40:41.0103 0136 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:40:41.0105 0136 IPMIDRV - ok
08:40:41.0118 0136 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:40:41.0120 0136 IPNAT - ok
08:40:41.0134 0136 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:40:41.0135 0136 IRENUM - ok
08:40:41.0152 0136 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:40:41.0154 0136 isapnp - ok
08:40:41.0171 0136 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:40:41.0175 0136 iScsiPrt - ok
08:40:41.0236 0136 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
08:40:41.0242 0136 k57nd60a - ok
08:40:41.0287 0136 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:40:41.0290 0136 kbdclass - ok
08:40:41.0312 0136 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:40:41.0313 0136 kbdhid - ok
08:40:41.0335 0136 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
08:40:41.0336 0136 KSecDD - ok
08:40:41.0365 0136 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
08:40:41.0369 0136 KSecPkg - ok
08:40:41.0387 0136 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:40:41.0389 0136 ksthunk - ok
08:40:41.0441 0136 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:40:41.0444 0136 lltdio - ok
08:40:41.0477 0136 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:40:41.0479 0136 LSI_FC - ok
08:40:41.0500 0136 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:40:41.0504 0136 LSI_SAS - ok
08:40:41.0520 0136 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:40:41.0524 0136 LSI_SAS2 - ok
08:40:41.0574 0136 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:40:41.0578 0136 LSI_SCSI - ok
08:40:41.0619 0136 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:40:41.0621 0136 luafv - ok
08:40:41.0677 0136 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:40:41.0680 0136 megasas - ok
08:40:41.0706 0136 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:40:41.0709 0136 MegaSR - ok
08:40:41.0753 0136 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
08:40:41.0756 0136 mfeapfk - ok
08:40:41.0779 0136 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
08:40:41.0783 0136 mfeavfk - ok
08:40:41.0819 0136 mfeavfk01 - ok
08:40:41.0859 0136 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
08:40:41.0861 0136 mfefirek - ok
08:40:41.0887 0136 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
08:40:41.0892 0136 mfehidk - ok
08:40:41.0907 0136 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
08:40:41.0909 0136 mfenlfk - ok
08:40:41.0942 0136 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
08:40:41.0944 0136 mferkdet - ok
08:40:41.0966 0136 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
08:40:41.0968 0136 mfewfpk - ok
08:40:41.0990 0136 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:40:41.0991 0136 Modem - ok
08:40:42.0035 0136 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:40:42.0037 0136 monitor - ok
08:40:42.0100 0136 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:40:42.0100 0136 mouclass - ok
08:40:42.0117 0136 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:40:42.0120 0136 mouhid - ok
08:40:42.0177 0136 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:40:42.0181 0136 mountmgr - ok
08:40:42.0214 0136 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:40:42.0217 0136 mpio - ok
08:40:42.0236 0136 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:40:42.0239 0136 mpsdrv - ok
08:40:42.0282 0136 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:40:42.0284 0136 MRxDAV - ok
08:40:42.0319 0136 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:40:42.0323 0136 mrxsmb - ok
08:40:42.0348 0136 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:40:42.0351 0136 mrxsmb10 - ok
08:40:42.0366 0136 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:40:42.0370 0136 mrxsmb20 - ok
08:40:42.0389 0136 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:40:42.0390 0136 msahci - ok
08:40:42.0421 0136 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:40:42.0425 0136 msdsm - ok
08:40:42.0461 0136 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:40:42.0462 0136 Msfs - ok
08:40:42.0473 0136 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:40:42.0474 0136 mshidkmdf - ok
08:40:42.0495 0136 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:40:42.0497 0136 msisadrv - ok
08:40:42.0551 0136 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:40:42.0553 0136 MSKSSRV - ok
08:40:42.0573 0136 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:40:42.0574 0136 MSPCLOCK - ok
08:40:42.0595 0136 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:40:42.0597 0136 MSPQM - ok
08:40:42.0636 0136 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:40:42.0643 0136 MsRPC - ok
08:40:42.0663 0136 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:40:42.0664 0136 mssmbios - ok
08:40:42.0684 0136 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:40:42.0685 0136 MSTEE - ok
08:40:42.0704 0136 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:40:42.0707 0136 MTConfig - ok
08:40:42.0727 0136 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:40:42.0727 0136 Mup - ok
08:40:42.0780 0136 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:40:42.0784 0136 NativeWifiP - ok
08:40:42.0855 0136 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:40:42.0866 0136 NDIS - ok
08:40:42.0925 0136 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:40:42.0928 0136 NdisCap - ok
08:40:42.0973 0136 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:40:42.0976 0136 NdisTapi - ok
08:40:43.0011 0136 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:40:43.0014 0136 Ndisuio - ok
08:40:43.0042 0136 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:40:43.0045 0136 NdisWan - ok
08:40:43.0055 0136 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:40:43.0056 0136 NDProxy - ok
08:40:43.0073 0136 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:40:43.0074 0136 NetBIOS - ok
08:40:43.0103 0136 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:40:43.0106 0136 NetBT - ok
08:40:43.0159 0136 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:40:43.0160 0136 nfrd960 - ok
08:40:43.0236 0136 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:40:43.0237 0136 Npfs - ok
08:40:43.0251 0136 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:40:43.0252 0136 nsiproxy - ok
08:40:43.0316 0136 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:40:43.0322 0136 Ntfs - ok
08:40:43.0334 0136 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:40:43.0335 0136 Null - ok
08:40:43.0400 0136 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:40:43.0405 0136 nvraid - ok
08:40:43.0439 0136 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:40:43.0443 0136 nvstor - ok
08:40:43.0480 0136 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:40:43.0484 0136 nv_agp - ok
08:40:43.0510 0136 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:40:43.0514 0136 ohci1394 - ok
08:40:43.0569 0136 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:40:43.0570 0136 Parport - ok
08:40:43.0599 0136 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:40:43.0603 0136 partmgr - ok
08:40:43.0677 0136 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
08:40:43.0680 0136 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
08:40:43.0707 0136 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:40:43.0708 0136 pci - ok
08:40:43.0736 0136 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:40:43.0738 0136 pciide - ok
08:40:43.0771 0136 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:40:43.0776 0136 pcmcia - ok
08:40:43.0797 0136 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:40:43.0798 0136 pcw - ok
08:40:43.0840 0136 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:40:43.0855 0136 PEAUTH - ok
08:40:43.0892 0136 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:40:43.0894 0136 PptpMiniport - ok
08:40:43.0911 0136 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:40:43.0912 0136 Processor - ok
08:40:43.0941 0136 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:40:43.0943 0136 Psched - ok
08:40:43.0999 0136 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:40:44.0000 0136 PxHlpa64 - ok
08:40:44.0071 0136 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:40:44.0116 0136 ql2300 - ok
08:40:44.0145 0136 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:40:44.0147 0136 ql40xx - ok
08:40:44.0169 0136 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:40:44.0172 0136 QWAVEdrv - ok
08:40:44.0203 0136 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:40:44.0205 0136 RasAcd - ok
08:40:44.0233 0136 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:40:44.0236 0136 RasAgileVpn - ok
08:40:44.0276 0136 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:40:44.0280 0136 Rasl2tp - ok
08:40:44.0308 0136 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:40:44.0309 0136 RasPppoe - ok
08:40:44.0323 0136 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:40:44.0336 0136 RasSstp - ok
08:40:44.0393 0136 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:40:44.0400 0136 rdbss - ok
08:40:44.0421 0136 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:40:44.0424 0136 rdpbus - ok
08:40:44.0443 0136 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:40:44.0444 0136 RDPCDD - ok
08:40:44.0497 0136 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:40:44.0499 0136 RDPENCDD - ok
08:40:44.0520 0136 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:40:44.0522 0136 RDPREFMP - ok
08:40:44.0563 0136 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:40:44.0569 0136 RDPWD - ok
08:40:44.0601 0136 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:40:44.0603 0136 rdyboost - ok
08:40:44.0646 0136 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:40:44.0648 0136 rspndr - ok
08:40:44.0654 0136 RxFilter - ok
08:40:44.0681 0136 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:40:44.0683 0136 sbp2port - ok
08:40:44.0720 0136 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:40:44.0723 0136 scfilter - ok
08:40:44.0786 0136 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
08:40:44.0788 0136 SCMNdisP - ok
08:40:44.0824 0136 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:40:44.0825 0136 secdrv - ok
08:40:44.0864 0136 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:40:44.0865 0136 Serenum - ok
08:40:44.0911 0136 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:40:44.0915 0136 Serial - ok
08:40:44.0949 0136 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:40:44.0951 0136 sermouse - ok
08:40:44.0996 0136 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:40:45.0000 0136 sffdisk - ok
08:40:45.0017 0136 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:40:45.0019 0136 sffp_mmc - ok
08:40:45.0037 0136 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:40:45.0038 0136 sffp_sd - ok
08:40:45.0055 0136 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:40:45.0058 0136 sfloppy - ok
08:40:45.0112 0136 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:40:45.0114 0136 SiSRaid2 - ok
08:40:45.0131 0136 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:40:45.0132 0136 SiSRaid4 - ok
08:40:45.0146 0136 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:40:45.0150 0136 Smb - ok
08:40:45.0190 0136 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:40:45.0191 0136 spldr - ok
08:40:45.0235 0136 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:40:45.0245 0136 srv - ok
08:40:45.0273 0136 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:40:45.0277 0136 srv2 - ok
08:40:45.0298 0136 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:40:45.0302 0136 srvnet - ok
08:40:45.0358 0136 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:40:45.0359 0136 stexstor - ok
08:40:45.0388 0136 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:40:45.0389 0136 swenum - ok
08:40:45.0585 0136 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:40:45.0599 0136 Tcpip - ok
08:40:45.0684 0136 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:40:45.0692 0136 TCPIP6 - ok
08:40:45.0723 0136 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:40:45.0725 0136 tcpipreg - ok
08:40:45.0741 0136 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:40:45.0743 0136 TDPIPE - ok
08:40:45.0764 0136 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:40:45.0765 0136 TDTCP - ok
08:40:45.0801 0136 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:40:45.0805 0136 tdx - ok
08:40:45.0827 0136 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:40:45.0829 0136 TermDD - ok
08:40:45.0876 0136 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:40:45.0877 0136 tssecsrv - ok
08:40:45.0928 0136 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:40:45.0931 0136 TsUsbFlt - ok
08:40:45.0988 0136 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:40:45.0993 0136 tunnel - ok
08:40:46.0019 0136 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:40:46.0022 0136 uagp35 - ok
08:40:46.0068 0136 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:40:46.0075 0136 udfs - ok
08:40:46.0117 0136 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:40:46.0119 0136 uliagpkx - ok
08:40:46.0149 0136 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:40:46.0152 0136 umbus - ok
08:40:46.0177 0136 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:40:46.0180 0136 UmPass - ok
08:40:46.0232 0136 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:40:46.0236 0136 usbaudio - ok
08:40:46.0271 0136 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:40:46.0274 0136 usbccgp - ok
08:40:46.0324 0136 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:40:46.0328 0136 usbcir - ok
08:40:46.0361 0136 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:40:46.0363 0136 usbehci - ok
08:40:46.0397 0136 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:40:46.0404 0136 usbhub - ok
08:40:46.0424 0136 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:40:46.0426 0136 usbohci - ok
08:40:46.0466 0136 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:40:46.0469 0136 usbprint - ok
08:40:46.0503 0136 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:40:46.0506 0136 USBSTOR - ok
08:40:46.0538 0136 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:40:46.0540 0136 usbuhci - ok
08:40:46.0596 0136 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:40:46.0601 0136 usbvideo - ok
08:40:46.0627 0136 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:40:46.0628 0136 vdrvroot - ok
08:40:46.0654 0136 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:40:46.0655 0136 vga - ok
08:40:46.0672 0136 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:40:46.0673 0136 VgaSave - ok
08:40:46.0700 0136 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:40:46.0704 0136 vhdmp - ok
08:40:46.0724 0136 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:40:46.0725 0136 viaide - ok
08:40:46.0756 0136 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:40:46.0759 0136 volmgr - ok
08:40:46.0801 0136 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:40:46.0809 0136 volmgrx - ok
08:40:46.0836 0136 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:40:46.0839 0136 volsnap - ok
08:40:46.0860 0136 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:40:46.0862 0136 vsmraid - ok
08:40:46.0885 0136 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:40:46.0888 0136 vwifibus - ok
08:40:46.0909 0136 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:40:46.0912 0136 vwififlt - ok
08:40:46.0961 0136 wacmoumonitor (37e4600e2cdad3c1a3613a25b97d457c) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
08:40:46.0962 0136 wacmoumonitor - ok
08:40:46.0993 0136 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
08:40:46.0995 0136 wacommousefilter - ok
08:40:47.0019 0136 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:40:47.0024 0136 WacomPen - ok
08:40:47.0101 0136 wacomvhid (26b430e7c5f598fe7353e3bc4b261321) C:\Windows\system32\DRIVERS\wacomvhid.sys
08:40:47.0102 0136 wacomvhid - ok
08:40:47.0150 0136 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:40:47.0154 0136 WANARP - ok
08:40:47.0183 0136 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:40:47.0186 0136 Wanarpv6 - ok
08:40:47.0235 0136 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:40:47.0236 0136 Wd - ok
08:40:47.0257 0136 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:40:47.0262 0136 Wdf01000 - ok
08:40:47.0286 0136 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:40:47.0287 0136 WfpLwf - ok
08:40:47.0315 0136 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
08:40:47.0320 0136 WimFltr - ok
08:40:47.0347 0136 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:40:47.0348 0136 WIMMount - ok
08:40:47.0403 0136 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:40:47.0404 0136 WmiAcpi - ok
08:40:47.0459 0136 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:40:47.0462 0136 ws2ifsl - ok
08:40:47.0524 0136 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:40:47.0526 0136 WudfPf - ok
08:40:47.0547 0136 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:40:47.0552 0136 WUDFRd - ok
08:40:47.0616 0136 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
08:40:47.0623 0136 \Device\Harddisk0\DR0 - ok
08:40:47.0631 0136 Boot (0x1200) (59a2d7901043ad9fb403eb3f2f4e36c6) \Device\Harddisk0\DR0\Partition0
08:40:47.0632 0136 \Device\Harddisk0\DR0\Partition0 - ok
08:40:47.0643 0136 Boot (0x1200) (98ff76e511c0a1ea858f5c65612a33a7) \Device\Harddisk0\DR0\Partition1
08:40:47.0644 0136 \Device\Harddisk0\DR0\Partition1 - ok
08:40:47.0645 0136 ============================================================
08:40:47.0645 0136 Scan finished
08:40:47.0646 0136 ============================================================
08:40:47.0667 4160 Detected object count: 0
08:40:47.0667 4160 Actual detected object count: 0
08:44:27.0094 6104 Deinitialize success


Here is the aswMBR log (The Fix button was NOT enabled):

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-24 08:41:33
-----------------------------
08:41:33.233 OS Version: Windows x64 6.1.7601 Service Pack 1
08:41:33.234 Number of processors: 6 586 0xA00
08:41:33.235 ComputerName: GREG-PC UserName: Greg
08:41:35.027 Initialize success
08:43:02.253 AVAST engine defs: 11112302
08:43:44.137 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
08:43:44.143 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 11
08:43:46.163 Disk 0 MBR read successfully
08:43:46.169 Disk 0 MBR scan
08:43:46.179 Disk 0 Windows VISTA default MBR code
08:43:46.186 Service scanning
08:43:47.311 Modules scanning
08:43:47.319 Scan finished successfully
08:44:12.131 Disk 0 MBR has been saved successfully to "C:\Users\Greg\Desktop\MBR.dat"
08:44:12.131 The log file has been saved successfully to "C:\Users\Greg\Desktop\aswMBR.txt"


Here are the two OTL logs:

OTL logfile created on: 11/24/2011 8:45:01 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\0
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.07% Memory free
16.00 Gb Paging File | 14.06 Gb Available in Paging File | 87.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.52 Gb Total Space | 860.84 Gb Free Space | 93.62% Space Free | Partition Type: NTFS

Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 19:07:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\0\OTL.exe
PRC - [2011/11/08 18:39:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 04:19:14 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/09/22 11:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 01:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 12:17:26 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/08 18:39:37 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/02/03 10:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/17 21:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/11/23 19:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 19:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/10/11 04:19:14 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/09/22 11:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/12/14 18:41:05 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/14 18:33:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/26 16:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe -- (AMDFusionSVC)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/05 19:47:34 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/23 00:24:40 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/10/13 03:12:04 | 001,244,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/05/17 21:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 20:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 07:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/10/16 06:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 14:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 14:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/04/22 15:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "https://www.mypoints...&fctb.dns=1&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/23 19:53:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 12:44:32 | 000,000,000 | ---D | M]

[2010/12/21 13:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
[2011/11/23 19:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions
[2011/11/23 19:37:55 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/11/23 19:51:27 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2011/11/23 11:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/11/23 11:18:10 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/11/08 18:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\GREG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T69S2GXQ.DEFAULT\EXTENSIONS\{51EF49D2-624B-4194-8B97-1C468E9B0EFE}.XPI
() (No name found) -- C:\USERS\GREG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T69S2GXQ.DEFAULT\EXTENSIONS\[email protected]
[2011/11/08 18:39:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/16 18:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOpf.dll
[2011/10/01 20:45:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 18:39:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/24 08:18:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101221184206.dll (McAfee, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files (x86)\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101221184206.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Update Service] C:\Program Files (x86)\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///D:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///D:/activeX/aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.harris.c...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DEBC244-8724-440F-BE77-5279B092B3C3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 08:41:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Greg\Desktop\aswMBR.exe
[2011/11/24 08:39:59 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
[2011/11/24 08:18:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/24 08:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/24 07:32:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/24 07:32:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/24 07:32:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/24 07:32:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/24 07:32:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/24 07:26:38 | 004,306,022 | R--- | C] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2011/11/23 11:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/23 11:18:21 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\panda2_0dn
[2011/11/23 09:30:38 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/23 09:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/23 09:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2011/11/23 09:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/11/23 09:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/11/23 08:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/23 08:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/23 08:57:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/20 11:55:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{7D47EE25-4B40-4880-8706-024BE752033A}
[2011/11/20 11:55:13 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{CE4332C5-0FAF-4A7A-9223-862568BACDF6}
[2011/11/19 07:56:52 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{37C34F90-4072-41CA-BB04-B679E4B6A2DB}
[2011/11/19 07:56:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{B0A1DF8E-2040-484D-9CB0-35AC67670B1B}
[2011/11/18 10:44:03 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{EEF986A2-2E69-4FCC-A1F1-962746223D33}
[2011/11/18 10:43:52 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{80030086-D953-40F0-94DE-B93548C332DD}
[2011/11/18 09:36:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\mfccrtEnum
[2011/11/18 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Fish tank
[2011/11/17 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9DDBBB5B-00F3-4B15-9559-11CAA9D579BD}
[2011/11/17 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{012795D7-0B37-46A3-BAFB-DB59B5727007}
[2011/11/15 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{38105170-B6E3-499F-AA0F-05CB74A7E5C7}
[2011/11/15 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9CFF1459-3D09-46F9-B2F7-6EED7F7E9EDF}
[2011/11/14 08:40:05 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{02F36651-9683-47E6-B2FE-935E4D8DD174}
[2011/11/14 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{38B75557-8286-47FF-9459-F4AD0108BA4F}
[2011/11/14 07:32:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{EC0E122E-C37C-4FF2-8034-C9221223AB3C}
[2011/11/13 20:39:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{5AAABCC7-0E83-4AE6-946D-0EE68CD332AD}
[2011/11/13 08:38:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{AB5EC623-3BE0-42F5-9C6D-8B50E6C2A60F}
[2011/11/13 08:38:38 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{E29D3DD8-968E-47AB-A5ED-E40D1101D8C9}
[2011/11/11 21:42:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{39801B03-7771-4CE8-9606-F8A51AC1F6FB}
[2011/11/11 21:41:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BBECD75F-4F14-44E7-B7C3-BDAB61BB059B}
[2011/11/10 18:35:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{AFD01ECC-D588-4797-960E-1097F573D713}
[2011/11/10 18:35:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3A074437-EC8C-493F-81FA-2D0BCC64C567}
[2011/11/10 06:26:59 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{46470403-5B10-4D0E-9E86-B02FF36104E9}
[2011/11/10 06:26:47 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{A373D596-67CF-4373-9186-6CECE4B807AA}
[2011/11/09 11:50:12 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BF58EE7C-D0DF-4D50-90E6-D162AA7F0872}
[2011/11/09 11:50:00 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3F0F68A1-4930-4276-A5A2-F3118567AB2A}
[2011/11/08 21:23:51 | 000,000,000 | ---D | C] -- C:\Olivia
[2011/11/08 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{769478DE-F3D6-43AD-B9A6-4F6F3FB87EF2}
[2011/11/08 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{2128A5F5-0A24-4F47-9ABB-EECF71D550C4}
[2011/11/07 21:16:19 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{34BF9508-1CEF-431E-8BD8-84305DF72B09}
[2011/11/07 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{194EEF5E-06CB-4FFD-9FC8-1BE926E7D45B}
[2011/11/07 06:35:42 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3A8B536C-8C2E-4DE1-9F0B-7D241D981569}
[2011/11/07 06:35:30 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{49DC6BD8-FDF8-4D47-961C-43E68741C948}
[2011/11/06 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{84D1EE66-C40A-4D37-83BD-B07E3F2ED31E}
[2011/11/06 12:03:30 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1962FC13-92F4-45F6-BFE1-3CA1A81BAA84}
[2011/11/04 13:42:01 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3F379C02-2B11-49B3-B5E8-5EF9A6B3346F}
[2011/11/04 13:41:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{55F3B63B-B077-44F8-BC61-11F803F3D671}
[2011/11/04 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/04 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Adobe Mini Bridge CS5
[2011/11/03 19:09:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{16A4DEA9-C923-4465-846D-74ABF12AEF66}
[2011/11/03 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{E9C4BBFE-D8C3-4BB3-B736-DABB13098DA6}
[2011/11/03 06:23:20 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{D714B129-8AD2-4AC6-90E3-95CD2797E208}
[2011/11/03 06:23:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C6F816DA-A314-436F-934C-514083136129}
[2011/10/31 18:47:56 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C674F47E-F63A-434F-94DD-A90F781AB21E}
[2011/10/31 18:47:44 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1A4D3B09-01B3-4148-9579-A416A1893B5E}
[2011/10/31 18:45:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\JPEG
[2011/10/30 08:29:21 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C1985F22-BF6A-4286-87C4-7E1258316DE6}
[2011/10/30 08:29:10 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9CF3AE45-8062-4A92-B993-0AE5FD3C09D1}
[2011/10/29 07:37:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{8704711B-C349-4506-8DA6-A99AE8D1DEA7}
[2011/10/29 07:37:38 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{42132690-EA46-46BB-B164-5BF493F4104E}
[2011/10/28 19:37:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{67BD943C-1F95-439A-9750-64F3FFE7A2FB}
[2011/10/28 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1FE4E568-C90A-439B-84AB-4297400D13CF}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 08:44:12 | 000,000,512 | ---- | M] () -- C:\Users\Greg\Desktop\MBR.dat
[2011/11/24 08:41:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Greg\Desktop\aswMBR.exe
[2011/11/24 08:40:01 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
[2011/11/24 08:25:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 08:25:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 08:22:17 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/24 08:22:17 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/24 08:22:17 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/24 08:18:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/24 08:18:09 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/11/24 08:18:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/24 08:17:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/24 08:17:53 | 2146,930,687 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/24 07:26:47 | 004,306,022 | R--- | M] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2011/11/23 13:08:51 | 000,000,112 | ---- | M] () -- C:\ProgramData\7G86RqHD.dat
[2011/11/18 16:01:58 | 000,000,646 | ---- | M] () -- C:\Users\Greg\Desktop\Photos - Shortcut.lnk
[2011/11/17 12:17:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/16 12:40:23 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/12 07:42:40 | 000,109,449 | ---- | M] () -- C:\Users\Greg\Desktop\FreeNano.jpg
[2011/11/10 12:02:03 | 000,001,456 | ---- | M] () -- C:\Users\Greg\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/09 03:20:29 | 005,054,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 18:39:54 | 000,002,050 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/04 11:04:45 | 000,001,068 | ---- | M] () -- C:\Users\Greg\Desktop\Glary Utilities.lnk
[2011/11/04 08:07:09 | 000,440,158 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111118-091310.backup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/24 08:44:12 | 000,000,512 | ---- | C] () -- C:\Users\Greg\Desktop\MBR.dat
[2011/11/24 07:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/24 07:32:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/24 07:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/24 07:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/24 07:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 12:55:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\7G86RqHD.dat
[2011/11/18 16:01:58 | 000,000,646 | ---- | C] () -- C:\Users\Greg\Desktop\Photos - Shortcut.lnk
[2011/11/12 07:42:40 | 000,109,449 | ---- | C] () -- C:\Users\Greg\Desktop\FreeNano.jpg
[2011/10/18 15:50:33 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2011/08/14 17:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/08/14 16:30:14 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/14 16:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/14 16:30:14 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/14 16:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/14 16:30:14 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/14 16:30:14 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/14 16:30:14 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/14 16:30:14 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/14 16:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/14 16:30:14 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/14 16:30:14 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/14 16:30:14 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/14 16:30:14 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/14 16:30:14 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/14 16:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/14 16:30:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/14 16:25:32 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini
[2011/03/29 17:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2011/03/04 16:46:27 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/21 16:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011/02/19 08:38:31 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/15 05:11:48 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2011/01/15 16:30:39 | 000,001,456 | ---- | C] () -- C:\Users\Greg\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/21 15:39:14 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010/12/21 13:40:38 | 000,001,404 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2010/12/14 20:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/14 19:55:59 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/14 18:41:51 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/14 18:41:51 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/14 18:41:51 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/14 18:41:50 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/14 18:41:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/16 01:47:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/03/16 01:47:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2002/07/13 12:00:00 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\tsseShrd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:FA7CDE12
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0CFF5F08

< End of report >

OTL Extras logfile created on: 11/24/2011 8:45:01 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\0
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.07% Memory free
16.00 Gb Paging File | 14.06 Gb Available in Paging File | 87.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.52 Gb Total Space | 860.84 Gb Free Space | 93.62% Space Free | Partition Type: NTFS

Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{3EA71966-4551-1758-775B-91769B69720A}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{76202DBC-6FDA-47EA-B32F-F88512C03B18}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Alien Skin Exposure 3" = Alien Skin Exposure 3
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"EPSON WorkForce 630 Series" = EPSON WorkForce 630 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{023BA8E3-4B82-44AE-8B45-5AF3DF53B8B3}" = FlipViewer 4.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E428946-8332-B93E-9C26-8ADFCEB8DDD8}" = CCC Help Spanish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{114EA307-D8C8-C17C-4908-4A6F01EFFE1A}" = CCC Help Thai
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B37E535-AEFD-A318-5424-BDCD373D7F1C}" = Catalyst Control Center Localization All
"{1D643CD4-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AE5481-1D87-5BAA-A18E-176953166A1D}" = Skins
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD129C1-F00C-4F99-74DC-864008611F81}" = Catalyst Control Center InstallProxy
"{2D943F95-2C76-4951-9AEF-0977AF5DE11A}" = AMD Fusion Media Explorer
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AEB8580-42C8-E795-F770-5149255C4632}" = CCC Help Greek
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E89148E-8827-DB7C-57E7-7C3555DDB752}" = CCC Help Dutch
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{422C8A4F-B350-4CB7-A20A-4391CF36D1A5}" = USB2.0 TVBOX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8F48C5-6FAC-9744-55C9-38BF1F0C9425}" = CCC Help Russian
"{4F77DCBA-7370-CBAF-EF25-6FEB29541C84}" = CCC Help Czech
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{514D3391-F031-78C7-8939-94023AC8AB74}" = CCC Help French
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A05DF12-909D-03A6-5983-C111BE26F2BF}" = CCC Help Portuguese
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695D218A-DEF0-503B-3183-EB992A395159}" = CCC Help Norwegian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78D56726-B120-D93F-A426-279C95001F08}" = CCC Help Finnish
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{818FA1BB-A0A9-F553-D9C7-125C541F3A3A}" = CCC Help Italian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
"{888C03E4-58E6-046B-E380-F6CB1972C398}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9060F116-D570-7033-4B42-DB0E5119DDA0}" = CCC Help Swedish
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{924AED21-D45C-3486-FE09-7DD182B35AA0}" = Catalyst Control Center Graphics Previews Common
"{929B1DC7-1201-2305-0182-6CC7655AF596}" = CCC Help English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99F8C520-B782-6C15-DBB7-91061BA752C5}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7F702F8-B4AD-3EF4-5B4D-C1BB0DF9DBB6}" = CCC Help Hungarian
"{A8443959-7C6F-3ED4-7BB5-DA0E0F85B9BA}" = ccc-core-static
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AD54E087-C6D2-3439-0993-3061CE6C10F1}" = Catalyst Control Center Graphics Previews Vista
"{AFC0FD4A-ED54-45D7-AD10-0D9187D85DEA}" = FlipAlbum Standard
"{B3C9A765-F917-6C92-A32B-607751AF4C2B}" = CCC Help Turkish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D616F4D0-6668-5E48-B8DB-5C7382410E75}" = CCC Help German
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E747B6FB-0EED-4D06-26B0-E9D44678DFC2}" = CCC Help Chinese Standard
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FB6467CC-73B3-9ABE-7D9D-EA41EC4AEB92}" = CCC Help Danish
"{FC4464DB-66BB-44A7-6AF4-39857EBC393B}" = CCC Help Korean
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE951E3B-2001-C965-4D43-42CBBF914515}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"BFGC" = Big Fish Games: Game Manager
"BFG-Diego Dinosaur Rescue" = Diego Dinosaur Rescue
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 4" = Color Efex Pro 4
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Dock" = Dell Dock
"Dfine 2.0 Stand-Alone" = Dfine 2.0
"EPSON Scanner" = EPSON Scan
"FBackup 4_is1" = FBackup 4
"Glary Utilities_is1" = Glary Utilities 2.39.0.1310
"GoToAssist" = GoToAssist 8.0.0.514
"HandyBits File Shredder" = HandyBits File Shredder
"HDR Efex Pro" = HDR Efex Pro
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"MVApplication1" = Memorex exPressit Label Design Studio
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
"Pen Tablet Driver" = Bamboo
"Sharpener Pro 3.0 Stand-Alone" = Sharpener Pro 3.0
"Silver Efex Pro 2" = Silver Efex Pro 2
"SpywareBlaster_is1" = SpywareBlaster 4.4
"uTorrent" = µTorrent
"Viveza 2" = Viveza 2
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2011 8:48:17 AM | Computer Name = Greg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/13/2011 1:31:09 AM | Computer Name = Greg-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/13/2011 1:34:15 AM | Computer Name = Greg-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/14/2011 8:09:32 AM | Computer Name = Greg-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d762323 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4
Faulting
process id: 0x5fc58 Faulting application start time: 0x01cca2c5ff7f7250 Faulting
application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 81fe3ed2-0eb9-11e1-8d4e-842b2bb21184

Error - 11/14/2011 8:09:39 AM | Computer Name = Greg-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d762323 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4
Faulting
process id: 0x60200 Faulting application start time: 0x01cca2c64794a683 Faulting
application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 869f9dad-0eb9-11e1-8d4e-842b2bb21184

Error - 11/14/2011 8:09:44 AM | Computer Name = Greg-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d762323 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4
Faulting
process id: 0x601dc Faulting application start time: 0x01cca2c647947f72 Faulting
application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 896b9969-0eb9-11e1-8d4e-842b2bb21184

Error - 11/14/2011 8:09:53 AM | Computer Name = Greg-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d762323 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4
Faulting
process id: 0x6038c Faulting application start time: 0x01cca2c64f9b0f08 Faulting
application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 8eefba76-0eb9-11e1-8d4e-842b2bb21184

Error - 11/15/2011 1:30:10 AM | Computer Name = Greg-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/15/2011 1:30:27 AM | Computer Name = Greg-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/15/2011 2:17:05 PM | Computer Name = Greg-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d762323 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4
Faulting
process id: 0x76ac0 Faulting application start time: 0x01cca3c1b412374a Faulting
application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 058c4257-0fb6-11e1-8d4e-842b2bb21184

[ Dell Events ]
Error - 12/21/2010 2:32:37 PM | Computer Name = Greg-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 11/24/2011 8:22:49 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7001
Description = The McAfee Personal Firewall Service service depends on the Windows
Firewall service which failed to start because of the following error: %%1068

Error - 11/24/2011 8:22:49 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Firewall Authorization Driver service failed to start
due to the following error: %%183

Error - 11/24/2011 8:22:49 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Windows Firewall Authorization
Driver service which failed to start because of the following error: %%183

Error - 11/24/2011 8:22:49 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7001
Description = The McAfee Personal Firewall Service service depends on the Windows
Firewall service which failed to start because of the following error: %%1068

Error - 11/24/2011 8:35:17 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/24/2011 8:41:18 AM | Computer Name = Greg-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/24/2011 9:00:56 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/24/2011 9:02:18 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/24/2011 9:17:58 AM | Computer Name = Greg-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:15:53 AM on ?11/?24/?2011 was unexpected.

Error - 11/24/2011 9:18:12 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter


< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Looking better.

Looks like the virus killed off McAfee, Spybot S&D, and Windows Live (tho that may have been broken before. I don't think it really works all that well on 64 bit systems).


Uninstall Spybot S&D, Windows Live Essentials (If you really use this then you can reinstall it when we are done but I think Windows Live is just a waste of CPU time myself). Spybot is OK but do not use the tea-timer or let it immunize your system as this will slow things down quite a bit. Again wait until we are done before you reinstall it.
Also uninstall
Java™ 6 Update 24 and Java™ 6 Update 21 (64-bit) (The latest version is 6 Update 29 which is why you got infected. Get the latest at http://java.com/en/ note you need to visit this site with both the regular IE and the 64 bit version in order to get both versions)

Adobe Reader 9.4.6 (obsolete and vulnerable- update to the latest at adobe.com)
AVG 2012
Download, Save and Run the AVG removal tool:
http://download.avg....4_2012_1796.exe

Let's temporarily install the free Avast anti-virus:
Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
(If you think you might want to reinstall McAfee later then follow the instructions here to save your license info:
http://service.mcafe...px?id=TS100507. Avast is better than McAfee and it's free but some people are required to run McAfee and others have just paid the license fee so feel obligated to keep running it. )
Uninstall McAfee SecurityCenter, run the McAfee uninstall tool, reboot.
Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? (Usually the text version of the file is at:
C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt so you can copy and paste it into a reply. )

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Run Combofix one more time. Post the new log.

Run aswMBR again but this time do not uncheck trace disk IO calls before hitting Scan. Post the log if it works. If not go on to the next step.

Run OTL quickscan and post the log.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#5
gregandmellina

gregandmellina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ok Ron, I did the following:

1. Uninstalled Spybot S&D.
2. Uninstalled Windows Live Essentials
3. Uninstalled Java 6 Update 24
4. Uninstalled Java 6 update 21 (64 Bit)
5. Went to the site and downloaded and installed Java.
6. Uninstalled Adobe Reader 9.4.6 and then went to adobe.com and downloaded latest version of reader.
7. Downloaded and ran AVG removal tool.
8. Downloaded and removed McAfee tool, uninstalled mcAfee and then ran removal tool.
8. Installed Avast.
9. ran the Avast scan you required and it found 41 problems.
10. I followed all of your instructions and all of the logs are listed below:

Here is the AVAST log:

11/24/2011 17:58
Scan of all local drives

File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir|>[Embedded_I#1ac7] is infected by Win32:Malware-gen, Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\43e0ff90-786bc7ce|>bingo\dipler.class is infected by Java:Agent-LB [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\43e0ff90-786bc7ce|>bingo\efir.class is infected by Java:Agent-LC [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7059ff11-659bcf6b|>json\Parser.class is infected by Java:Agent-ZD [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7059ff11-659bcf6b|>json\SmartyPointer.class is infected by Java:Agent-ZB [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\67e22353-410ec627|>glass\lulux.class is infected by Java:Agent-WY [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1124bc42-130f395c|>folder\Glocker.class is infected by Java:Agent-EC [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1124bc42-130f395c|>folder\Ump_45.class is infected by Java:Agent-OB [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4b89915-3bec200c|>folder\boing.class is infected by Java:Agent-OB [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\852be15-17eae930|>rotor\Glocker.class is infected by Java:Agent-ZY [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\852be15-17eae930|>rotor\zalux$1.class is infected by Java:Agent-ZX [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\852be15-17eae930|>rotor\zalux$vrkr.class is infected by Java:Agent-KU [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\852be15-17eae930|>rotor\zalux.class is infected by Java:Agent-WY [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\852be15-17eae930|>rotor\Zo666.class is infected by Java:Agent-ZZ [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\852be15-17eae930|>rotor\Zom.class is infected by Java:Agent-ZW [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7895b09b-2be152d0|>bpac\a$1.class is infected by Java:Agent-BJ [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7895b09b-2be152d0|>bpac\a.class is infected by Java:Agent-BW [Trj], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7895b09b-2be152d0|>bpac\b.class is infected by Java:Agent-OG [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\26d395dc-782576fc|>bpac\a$1.class is infected by Java:Agent-BJ [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\26d395dc-782576fc|>bpac\a.class is infected by Java:Agent-BW [Trj], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\26d395dc-782576fc|>bpac\b.class is infected by Java:Agent-OG [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\344e7643-1a22397a|>rotor\Glocker.class is infected by Java:Agent-ZY [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\344e7643-1a22397a|>rotor\zalux$1.class is infected by Java:Agent-ZX [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\344e7643-1a22397a|>rotor\zalux$vrkr.class is infected by Java:Agent-KU [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\344e7643-1a22397a|>rotor\zalux.class is infected by Java:Agent-WY [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\344e7643-1a22397a|>rotor\Zo666.class is infected by Java:Agent-ZZ [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\344e7643-1a22397a|>rotor\Zom.class is infected by Java:Agent-ZW [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7f267520-57b2f4c4|>Kwwwa5o5j4.class is infected by Java:Jade-B [Heur], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\54529aec-68fa12bd|>folder\Glocker.class is infected by Java:Agent-EC [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\54529aec-68fa12bd|>folder\Ump_45.class is infected by Java:Agent-OB [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2d80a0f3-3cb76b7d|>folder\Glocker.class is infected by Java:Agent-OZ [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\2d80a0f3-3cb76b7d|>folder\Ump_45.class is infected by Java:Agent-OB [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4db49439-4ac0ed24|>folder\Glocker.class is infected by Java:Agent-EC [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4db49439-4ac0ed24|>folder\Ump_45.class is infected by Java:Agent-OB [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4beff388-30b4da85|>buildService\Cid.class is infected by Java:Agent-UM [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4beff388-30b4da85|>buildService\ClassId.class is infected by Java:Agent-US [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4beff388-30b4da85|>buildService\ClassType.class is infected by Java:Agent-UN [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4beff388-30b4da85|>buildService\MailAgent.class is infected by Java:Agent-UL [Expl], Moved to chest
File C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4beff388-30b4da85|>buildService\VirtualTable.class is infected by Java:Agent-UP [Expl], Moved to chest
File C:\Windows\assembly\GAC_64\Desktop.ini is infected by Win32:Malware-gen, Moved to chest
Number of searched folders: 38577
Number of tested files: 511812
Number of infected files: 41

Here is the combofix log:

ComboFix 11-11-24.01 - Greg 11/24/2011 18:53:34.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6481 [GMT -5:00]
Running from: c:\users\Greg\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 23:57 . 2011-11-24 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 22:53 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 22:53 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-24 22:53 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-24 22:53 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-24 22:53 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-24 22:53 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-24 22:52 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-24 22:52 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-24 22:52 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-24 22:52 . 2011-11-24 22:52 -------- d-----w- c:\programdata\AVAST Software
2011-11-24 22:52 . 2011-11-24 22:52 -------- d-----w- c:\program files\AVAST Software
2011-11-24 17:47 . 2011-11-24 17:47 -------- d-----w- c:\program files\Java
2011-11-23 16:54 . 2011-11-23 16:54 -------- d-----w- c:\program files (x86)\ESET
2011-11-23 16:18 . 2011-11-23 16:39 -------- d-----w- c:\users\Greg\AppData\Local\panda2_0dn
2011-11-23 14:30 . 2011-11-23 14:30 -------- d-----w- C:\$AVG
2011-11-23 14:17 . 2011-11-24 00:38 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-11-23 14:17 . 2011-11-24 00:37 -------- d-----w- c:\programdata\Panda Security URL Filtering
2011-11-23 14:16 . 2011-11-23 16:18 -------- d-----w- c:\program files (x86)\Panda Security
2011-11-23 14:16 . 2011-11-23 16:02 -------- d-----w- c:\programdata\Panda Security
2011-11-23 13:59 . 2011-11-24 22:37 -------- d-----w- c:\programdata\AVG2012
2011-11-23 13:59 . 2011-11-24 00:50 -------- d-----w- c:\program files (x86)\AVG
2011-11-23 13:57 . 2011-11-23 13:57 -------- d--h--w- c:\programdata\Common Files
2011-11-18 14:36 . 2011-11-18 22:22 -------- d-----w- c:\users\Greg\AppData\Local\mfccrtEnum
2011-11-14 12:32 . 2011-11-24 00:52 -------- d-----w- c:\windows\system32\Macromed
2011-11-09 02:23 . 2011-11-09 02:24 -------- d-----w- C:\Olivia
2011-11-08 23:00 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 23:00 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 23:00 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 23:00 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 18:27 . 2011-11-04 18:27 -------- d-----w- c:\users\Greg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-04 18:27 . 2011-11-04 18:27 -------- d-----w- c:\users\Greg\AppData\Roaming\Adobe Mini Bridge CS5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 17:47 . 2010-12-14 23:29 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 17:17 . 2011-05-16 16:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 09:19 . 2011-04-14 21:52 589896 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2011-10-11 09:19 . 2011-04-14 21:52 421448 ----a-w- c:\windows\system32\dsNcCredProv.dll
2011-10-11 09:11 . 2011-10-11 09:11 344064 ----a-w- c:\windows\SysWow64\dsGinaLoaderX64.dll
2011-09-28 18:39 . 2011-10-18 20:50 4608 ----a-w- c:\windows\SysWow64\ColorEfexPro4FC64.dll
2011-09-28 18:39 . 2011-09-22 16:31 4608 ----a-w- c:\windows\system32\ColorEfexPro4FC64.dll
2011-09-22 16:30 . 2011-09-22 16:30 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2011-09-01 05:24 . 2011-10-12 07:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 07:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 07:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 07:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 21:00 . 2010-12-21 18:53 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 05:37 . 2011-10-12 02:29 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 02:29 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 02:29 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 02:29 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( [email protected]_13.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-14 23:59 . 2011-11-24 23:43 54574 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-24 22:48 30054 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-21 19:14 . 2011-11-24 22:48 13500 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-239037148-1875325253-1495086905-1000_UserData.bin
+ 2009-07-14 05:30 . 2011-11-24 22:40 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-10-16 18:02 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-01-09 12:55 . 2011-11-24 22:46 13517 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2011-01-09 12:55 . 2011-11-23 20:45 13517 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2010-12-21 18:12 . 2011-11-24 22:42 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-21 18:12 . 2011-11-23 23:57 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-21 18:12 . 2011-11-24 22:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-21 18:12 . 2011-11-23 23:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-24 22:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-23 23:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-11-24 22:54 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-06 17:55 . 2011-06-06 17:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2010-12-22 16:05 . 2011-11-24 17:40 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-23 23:57 . 2011-11-24 13:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-24 23:41 . 2011-11-24 23:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-23 23:57 . 2011-11-24 13:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-24 23:41 . 2011-11-24 23:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-21 19:13 . 2011-11-24 22:53 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-12-21 19:13 . 2011-11-24 12:59 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-11-24 12:59 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-24 23:42 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2011-11-24 00:01 626844 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-24 23:46 626844 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-24 23:46 107160 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-24 00:01 107160 c:\windows\system32\perfc009.dat
+ 2011-11-24 17:47 . 2011-11-24 17:47 190752 c:\windows\system32\javaws.exe
+ 2011-11-24 17:47 . 2011-11-24 17:47 171808 c:\windows\system32\javaw.exe
+ 2011-11-24 17:47 . 2011-11-24 17:47 171808 c:\windows\system32\java.exe
+ 2009-07-14 05:30 . 2011-11-24 22:40 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-16 18:02 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-24 22:40 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-10-16 18:02 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2011-11-24 22:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-11-23 23:57 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-11-23 22:07 538092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-24 22:57 538092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-24 17:46 . 2011-11-24 17:46 908800 c:\windows\Installer\2c160.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
- 2009-07-14 04:54 . 2011-11-24 12:59 3637248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-24 23:42 3637248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-24 12:59 1130496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-24 23:42 1130496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2011-11-24 17:44 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-15 06:28 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-12-21 19:10 . 2011-11-23 20:41 1280536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-21 19:10 . 2011-11-24 22:46 1280536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\1160b31.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2010-12-21 23:43 . 2011-11-24 22:57 11051104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-239037148-1875325253-1495086905-1000-12288.dat
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\1160b32.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Service"="c:\progra~2\COMMON~1\TEKNUM~1\update.exe" [2010-12-21 19456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-10-16 4577760]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 127784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-12-21 17:08]
.
2011-11-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-11-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-24 18:58:56
ComboFix-quarantined-files.txt 2011-11-24 23:58
ComboFix2.txt 2011-11-24 13:34
.
Pre-Run: 921,720,635,392 bytes free
Post-Run: 921,559,334,912 bytes free
.
- - End Of File - - 281B98A977BB9D747289299695D46FBF

Here is the aswMBR log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-24 18:59:41
-----------------------------
18:59:41.465 OS Version: Windows x64 6.1.7601 Service Pack 1
18:59:41.465 Number of processors: 6 586 0xA00
18:59:41.465 ComputerName: GREG-PC UserName: Greg
18:59:42.880 Initialize success
18:59:42.940 AVAST engine defs: 11112401
19:00:09.657 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
19:00:09.660 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 11
19:00:11.681 Disk 0 MBR read successfully
19:00:11.686 Disk 0 MBR scan
19:00:11.694 Disk 0 Windows VISTA default MBR code
19:00:11.701 Service scanning
19:00:12.788 Modules scanning
19:00:12.796 Disk 0 trace - called modules:
19:00:12.805 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
19:00:12.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af5060]
19:00:12.823 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8006b19040]
19:00:12.832 5 amdxata.sys[fffff880010857a8] -> nt!IofCallDriver -> \Device\00000062[0xfffffa800746e500]
19:00:15.937 AVAST engine scan C:\Windows
19:00:17.785 AVAST engine scan C:\Windows\system32
19:01:18.271 AVAST engine scan C:\Windows\system32\drivers
19:01:25.480 AVAST engine scan C:\Users\Greg
19:08:35.777 AVAST engine scan C:\ProgramData
19:10:13.658 Scan finished successfully
19:13:22.435 Disk 0 MBR has been saved successfully to "C:\Users\Greg\Desktop\logs\MBR.dat"
19:13:22.438 The log file has been saved successfully to "C:\Users\Greg\Desktop\logs\aswMBR.txt"

Here is the OTL log:

OTL logfile created on: 11/24/2011 7:13:41 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\0
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 72.50% Memory free
16.00 Gb Paging File | 13.87 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.52 Gb Total Space | 858.13 Gb Free Space | 93.32% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 19:07:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\0\OTL.exe
PRC - [2011/11/08 18:39:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 04:19:14 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/09/22 11:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/16 01:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 01:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 01:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 12:17:26 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/08 18:39:37 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/02/03 10:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/17 21:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/23 19:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 19:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/10/11 04:19:14 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/09/22 11:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/14 18:41:05 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/14 18:33:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/26 16:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe -- (AMDFusionSVC)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/05 19:47:34 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/23 00:24:40 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/10/13 03:12:04 | 001,244,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/05/17 21:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 20:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 07:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/10/16 06:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 14:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 14:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/04/22 15:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "https://www.mypoints...&fctb.dns=1&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/24 17:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/24 17:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/24 17:45:16 | 000,000,000 | ---D | M]

[2010/12/21 13:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
[2011/11/23 19:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions
[2011/11/23 19:37:55 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/11/23 19:51:27 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2011/11/23 11:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/11/23 11:18:10 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\t69s2gxq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/11/08 18:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\GREG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T69S2GXQ.DEFAULT\EXTENSIONS\{51EF49D2-624B-4194-8B97-1C468E9B0EFE}.XPI
() (No name found) -- C:\USERS\GREG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T69S2GXQ.DEFAULT\EXTENSIONS\[email protected]
[2011/11/08 18:39:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/16 18:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOpf.dll
[2011/10/01 20:45:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 18:39:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/24 08:18:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files (x86)\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [Update Service] C:\Program Files (x86)\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///D:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///D:/activeX/aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.harris.c...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DEBC244-8724-440F-BE77-5279B092B3C3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\logs
[2011/11/24 17:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/24 17:53:14 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/24 17:53:11 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/24 17:53:08 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/24 17:53:07 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/24 17:53:04 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/24 17:53:00 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/24 17:52:59 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/24 17:52:37 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/24 17:52:37 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/24 17:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/24 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/24 12:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/24 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\Outlook Files
[2011/11/24 12:03:47 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3F02E664-ED6C-423A-A960-BDDF11A8D502}
[2011/11/24 12:03:35 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{2E3FD57D-EC29-42DA-B334-16806FC1BB07}
[2011/11/24 08:41:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Greg\Desktop\aswMBR.exe
[2011/11/24 08:39:59 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
[2011/11/24 07:32:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/24 07:32:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/24 07:32:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/24 07:32:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/24 07:32:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/24 07:26:38 | 004,306,729 | R--- | C] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2011/11/23 11:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/23 11:18:21 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\panda2_0dn
[2011/11/23 09:30:38 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/23 09:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/23 09:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2011/11/23 09:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/11/23 09:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/11/23 08:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/23 08:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/23 08:57:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/20 11:55:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{7D47EE25-4B40-4880-8706-024BE752033A}
[2011/11/20 11:55:13 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{CE4332C5-0FAF-4A7A-9223-862568BACDF6}
[2011/11/19 07:56:52 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{37C34F90-4072-41CA-BB04-B679E4B6A2DB}
[2011/11/19 07:56:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{B0A1DF8E-2040-484D-9CB0-35AC67670B1B}
[2011/11/18 10:44:03 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{EEF986A2-2E69-4FCC-A1F1-962746223D33}
[2011/11/18 10:43:52 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{80030086-D953-40F0-94DE-B93548C332DD}
[2011/11/18 09:36:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\mfccrtEnum
[2011/11/18 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Fish tank
[2011/11/17 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9DDBBB5B-00F3-4B15-9559-11CAA9D579BD}
[2011/11/17 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{012795D7-0B37-46A3-BAFB-DB59B5727007}
[2011/11/15 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{38105170-B6E3-499F-AA0F-05CB74A7E5C7}
[2011/11/15 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9CFF1459-3D09-46F9-B2F7-6EED7F7E9EDF}
[2011/11/14 08:40:05 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{02F36651-9683-47E6-B2FE-935E4D8DD174}
[2011/11/14 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{38B75557-8286-47FF-9459-F4AD0108BA4F}
[2011/11/14 07:32:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{EC0E122E-C37C-4FF2-8034-C9221223AB3C}
[2011/11/13 20:39:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{5AAABCC7-0E83-4AE6-946D-0EE68CD332AD}
[2011/11/13 08:38:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{AB5EC623-3BE0-42F5-9C6D-8B50E6C2A60F}
[2011/11/13 08:38:38 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{E29D3DD8-968E-47AB-A5ED-E40D1101D8C9}
[2011/11/11 21:42:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{39801B03-7771-4CE8-9606-F8A51AC1F6FB}
[2011/11/11 21:41:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BBECD75F-4F14-44E7-B7C3-BDAB61BB059B}
[2011/11/10 18:35:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{AFD01ECC-D588-4797-960E-1097F573D713}
[2011/11/10 18:35:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3A074437-EC8C-493F-81FA-2D0BCC64C567}
[2011/11/10 06:26:59 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{46470403-5B10-4D0E-9E86-B02FF36104E9}
[2011/11/10 06:26:47 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{A373D596-67CF-4373-9186-6CECE4B807AA}
[2011/11/09 11:50:12 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{BF58EE7C-D0DF-4D50-90E6-D162AA7F0872}
[2011/11/09 11:50:00 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3F0F68A1-4930-4276-A5A2-F3118567AB2A}
[2011/11/08 21:23:51 | 000,000,000 | ---D | C] -- C:\Olivia
[2011/11/08 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{769478DE-F3D6-43AD-B9A6-4F6F3FB87EF2}
[2011/11/08 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{2128A5F5-0A24-4F47-9ABB-EECF71D550C4}
[2011/11/07 21:16:19 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{34BF9508-1CEF-431E-8BD8-84305DF72B09}
[2011/11/07 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{194EEF5E-06CB-4FFD-9FC8-1BE926E7D45B}
[2011/11/07 06:35:42 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3A8B536C-8C2E-4DE1-9F0B-7D241D981569}
[2011/11/07 06:35:30 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{49DC6BD8-FDF8-4D47-961C-43E68741C948}
[2011/11/06 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{84D1EE66-C40A-4D37-83BD-B07E3F2ED31E}
[2011/11/06 12:03:30 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1962FC13-92F4-45F6-BFE1-3CA1A81BAA84}
[2011/11/04 13:42:01 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{3F379C02-2B11-49B3-B5E8-5EF9A6B3346F}
[2011/11/04 13:41:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{55F3B63B-B077-44F8-BC61-11F803F3D671}
[2011/11/04 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/04 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Adobe Mini Bridge CS5
[2011/11/03 19:09:17 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{16A4DEA9-C923-4465-846D-74ABF12AEF66}
[2011/11/03 19:09:06 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{E9C4BBFE-D8C3-4BB3-B736-DABB13098DA6}
[2011/11/03 06:23:20 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{D714B129-8AD2-4AC6-90E3-95CD2797E208}
[2011/11/03 06:23:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C6F816DA-A314-436F-934C-514083136129}
[2011/10/31 18:47:56 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C674F47E-F63A-434F-94DD-A90F781AB21E}
[2011/10/31 18:47:44 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1A4D3B09-01B3-4148-9579-A416A1893B5E}
[2011/10/31 18:45:41 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\JPEG
[2011/10/30 08:29:21 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{C1985F22-BF6A-4286-87C4-7E1258316DE6}
[2011/10/30 08:29:10 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{9CF3AE45-8062-4A92-B993-0AE5FD3C09D1}
[2011/10/29 07:37:49 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{8704711B-C349-4506-8DA6-A99AE8D1DEA7}
[2011/10/29 07:37:38 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{42132690-EA46-46BB-B164-5BF493F4104E}
[2011/10/28 19:37:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{67BD943C-1F95-439A-9750-64F3FFE7A2FB}
[2011/10/28 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{1FE4E568-C90A-439B-84AB-4297400D13CF}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 19:14:51 | 000,003,029 | ---- | M] () -- C:\Users\Greg\Desktop\Microsoft Outlook 2010.lnk
[2011/11/24 18:52:43 | 004,306,729 | R--- | M] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2011/11/24 18:48:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 18:48:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 18:46:05 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/24 18:46:05 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/24 18:46:05 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/24 18:41:35 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/11/24 18:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/24 17:58:18 | 2146,930,687 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/24 17:53:15 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/24 17:53:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/24 17:46:53 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/24 17:45:17 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/24 12:28:43 | 000,026,354 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/11/24 12:27:11 | 000,026,350 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/11/24 12:14:25 | 000,001,133 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/11/24 08:44:12 | 000,000,512 | ---- | M] () -- C:\Users\Greg\Desktop\MBR.dat
[2011/11/24 08:41:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Greg\Desktop\aswMBR.exe
[2011/11/24 08:40:01 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
[2011/11/24 08:18:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/23 13:08:51 | 000,000,112 | ---- | M] () -- C:\ProgramData\7G86RqHD.dat
[2011/11/18 16:01:58 | 000,000,646 | ---- | M] () -- C:\Users\Greg\Desktop\Photos - Shortcut.lnk
[2011/11/16 12:40:23 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/12 07:42:40 | 000,109,449 | ---- | M] () -- C:\Users\Greg\Desktop\FreeNano.jpg
[2011/11/10 12:02:03 | 000,001,456 | ---- | M] () -- C:\Users\Greg\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/09 03:20:29 | 005,054,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 18:39:54 | 000,002,050 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/04 11:04:45 | 000,001,068 | ---- | M] () -- C:\Users\Greg\Desktop\Glary Utilities.lnk
[2011/11/04 08:07:09 | 000,440,158 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111118-091310.backup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/24 19:14:51 | 000,003,029 | ---- | C] () -- C:\Users\Greg\Desktop\Microsoft Outlook 2010.lnk
[2011/11/24 17:53:15 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/24 17:52:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/11/24 17:45:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/24 17:45:17 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/24 12:28:43 | 000,026,354 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/11/24 12:27:11 | 000,026,350 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/11/24 12:14:25 | 000,001,133 | ---- | C] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/11/24 08:44:12 | 000,000,512 | ---- | C] () -- C:\Users\Greg\Desktop\MBR.dat
[2011/11/24 07:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/24 07:32:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/24 07:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/24 07:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/24 07:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 12:55:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\7G86RqHD.dat
[2011/11/18 16:01:58 | 000,000,646 | ---- | C] () -- C:\Users\Greg\Desktop\Photos - Shortcut.lnk
[2011/11/12 07:42:40 | 000,109,449 | ---- | C] () -- C:\Users\Greg\Desktop\FreeNano.jpg
[2011/10/18 15:50:33 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2011/08/14 17:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/08/14 16:30:14 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/14 16:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/14 16:30:14 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/14 16:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/14 16:30:14 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/14 16:30:14 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/14 16:30:14 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/14 16:30:14 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/14 16:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/14 16:30:14 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/14 16:30:14 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/14 16:30:14 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/14 16:30:14 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/14 16:30:14 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/14 16:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/14 16:30:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/14 16:25:32 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini
[2011/03/29 17:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2011/03/04 16:46:27 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/21 16:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011/02/19 08:38:31 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/15 05:11:48 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2011/01/15 16:30:39 | 000,001,456 | ---- | C] () -- C:\Users\Greg\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/21 15:39:14 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010/12/21 13:40:38 | 000,001,404 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2010/12/14 20:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/14 19:55:59 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/14 18:41:51 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/14 18:41:51 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/14 18:41:51 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/14 18:41:50 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/14 18:41:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/16 01:47:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/03/16 01:47:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2002/07/13 12:00:00 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\tsseShrd.dll

========== LOP Check ==========

[2011/08/26 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Alien Skin
[2011/03/09 05:08:03 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Amazon
[2011/01/27 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/18 09:11:29 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\EBookSys
[2011/11/23 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Epson
[2011/11/23 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\GlarySoft
[2011/01/09 20:42:38 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\HDRsoft
[2011/11/23 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Juniper Networks
[2011/08/14 16:40:06 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Leadertech
[2011/01/30 07:58:03 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Nik Software
[2010/12/22 10:08:00 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\PCDr
[2011/11/23 19:51:27 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Softland
[2011/11/04 13:27:14 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/18 19:28:27 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\uTorrent
[2010/12/31 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Windows Live Writer
[2010/12/30 17:14:54 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\WTouch
[2011/11/24 18:41:35 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/11/16 12:40:23 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/03 11:45:59 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/24 17:46:53 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:FA7CDE12
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0CFF5F08

< End of report >


After the sfc /scannow

It reported:

Windows Resource Preotection did not find any integrity violations.

Here is the System VEW log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/11/2011 7:30:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/11/2011 12:18:35 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: RxFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/11/2011 12:18:13 AM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 25/11/2011 12:17:27 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/11/2011 12:17:27 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

and here is the application VEW log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/11/2011 7:32:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/11/2011 12:19:57 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 25/11/2011 12:19:57 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/11/2011 12:17:24 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-239037148-1875325253-1495086905-1000:
Process 724 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-239037148-1875325253-1495086905-1000
Process 724 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-239037148-1875325253-1495086905-1000
Process 724 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-239037148-1875325253-1495086905-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 724 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-239037148-1875325253-1495086905-1000\Software\Microsoft\SystemCertificates\My
Process 724 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-239037148-1875325253-1495086905-1000\Software\Microsoft\SystemCertificates\CA
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
As you can see from what Avast removed, the infection was via Java. That's why keeping it up to date is so important.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
[2011/11/23 13:08:51 | 000,000,112 | ---- | M] () -- C:\ProgramData\7G86RqHD.dat
[2011/11/16 12:40:23 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/24 18:41:35 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/11/24 17:46:53 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job    

:Commands
[RESETHOSTS]
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

IF you have trouble getting online after this then first try:

Start, All Programs, Accessories then right click on Command Prompt and Run As Admin. Type with an Enter after each line:



netsh  winsock  reset catalog
netsh int ipv4 reset %userprofile%\Desktop\reset4.log 
netsh int ipv6 reset %userprofile%\Desktop\reset6.log 

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test.

If it still doesn't work then do a System Restore to a point just before you ran the OTL script.

Cozi Express is not happy so I would uninstall it. Doesn't appear that the software is happy in a 64bit environment.


Ron
  • 0

#7
gregandmellina

gregandmellina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I ran the OTL as requested and now cannot connect to the Internet via Firefox. I have internet access through IE but not Firefox.

Also, whent the system boots I get the following error from Avast:

avast! will not be able to protect mail/news (error 10093).
Please check that avast! service (AvastSvc.exe) is not blocked by your personal firewall.



I attempted a system restore but I do not have a restore point just before hte OTL script. The last restore point I have is from lst night at 7:36 with a description of Windows Update - Critical Update.


Greg
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Is the IE that works 32 or 64 bit?
  • 0

#9
gregandmellina

gregandmellina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
IE 64 Bit works fine.

Also, Microsoft Outlook no longer works, when I start MS Outlook, it immediately states "Microsoft Outlook has stopped working".

Edited by gregandmellina, 25 November 2011 - 02:16 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Does the IE 32 bit work too?

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters /s > \junk2.txt

Start, Programs, Accessories then right click on Command Prompt and select Run As Admin.

Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

notepad \junk2.txt

(Space before \) Copy and paste the text from notepad into a reply.

Ron
  • 0

Advertisements


#11
gregandmellina

gregandmellina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
IE 32 bit does not work at all. It actually never opens.

Here is the notepad:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters
NameSpace_Callout REG_EXPAND_SZ %SystemRoot%\System32\fwpuclnt.dll
WinSock_Registry_Version REG_SZ 2.0
AutodialDLL REG_SZ rasadhlp.dll
Current_NameSpace_Catalog REG_SZ NameSpace_Catalog5
Current_Protocol_Catalog REG_SZ Protocol_Catalog9

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\06EBDCB1
AppFullPath REG_SZ C:\Windows\system32\wininit.exe
PermittedLspCategories REG_DWORD 0x80000040

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651
AppFullPath REG_SZ C:\Windows\system32\svchost.exe
AppArgs REG_SZ -k NetworkService
PermittedLspCategories REG_DWORD 0x80000044

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0
AppFullPath REG_SZ C:\Windows\system32\svchost.exe
AppArgs REG_SZ -k LocalServiceNetworkRestricted
PermittedLspCategories REG_DWORD 0x80000040

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA
AppFullPath REG_SZ C:\Windows\system32\svchost.exe
AppArgs REG_SZ -k LocalServiceAndNoImpersonation
PermittedLspCategories REG_DWORD 0x80000044

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0
AppFullPath REG_SZ C:\Windows\system32\svchost.exe
AppArgs REG_SZ -k LocalService
PermittedLspCategories REG_DWORD 0x80000044

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\343305C9
AppFullPath REG_SZ C:\Windows\system32\lsass.exe
PermittedLspCategories REG_DWORD 0x80000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
Num_Catalog_Entries REG_DWORD 0x4
Serial_Access_Num REG_DWORD 0xf
Num_Catalog_Entries64 REG_DWORD 0x6

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
LibraryPath REG_SZ %SystemRoot%\System32\mswsock.dll
DisplayString REG_SZ Tcpip
ProviderId REG_BINARY 409D05229E7ECF11AE5A00AA00A7112B
SupportedNameSpace REG_DWORD 0xc
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x0
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
LibraryPath REG_SZ %SystemRoot%\System32\winrnr.dll
DisplayString REG_SZ NTDS
ProviderId REG_BINARY EE37263B80E5CF11A55500C04FD8D4AC
SupportedNameSpace REG_DWORD 0x20
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x1
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
LibraryPath REG_SZ %SystemRoot%\System32\mswsock.dll
DisplayString REG_SZ NLA-navneomr†de (Network Location Awareness)
ProviderId REG_BINARY 3A244266A83BA64ABAA52E0BD71FDD83
SupportedNameSpace REG_DWORD 0xf
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x0
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001
LibraryPath REG_SZ mswsock.dll
DisplayString REG_SZ @%SystemRoot%\system32\nlasvc.dll,-1000
ProviderId REG_BINARY 3A244266A83BA64ABAA52E0BD71FDD83
SupportedNameSpace REG_DWORD 0xf
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x1
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002
LibraryPath REG_SZ %SystemRoot%\system32\napinsp.dll
DisplayString REG_SZ @%SystemRoot%\system32\napinsp.dll,-1000
ProviderId REG_BINARY A2CB4A96BCB2EB408C6AA6DB40161CAE
SupportedNameSpace REG_DWORD 0x25
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x1
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003
LibraryPath REG_SZ %SystemRoot%\system32\pnrpnsp.dll
DisplayString REG_SZ @%SystemRoot%\system32\pnrpnsp.dll,-1000
ProviderId REG_BINARY CE89FE036D767649B9C1BB9BC42C7B4D
SupportedNameSpace REG_DWORD 0x27
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x1
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004
LibraryPath REG_SZ %SystemRoot%\system32\pnrpnsp.dll
DisplayString REG_SZ @%SystemRoot%\system32\pnrpnsp.dll,-1001
ProviderId REG_BINARY CD89FE036D767649B9C1BB9BC42C7B4D
SupportedNameSpace REG_DWORD 0x26
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x1
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005
LibraryPath REG_SZ mswsock.dll
DisplayString REG_SZ @%SystemRoot%\system32\wshtcpip.dll,-60103
ProviderId REG_BINARY 409D05229E7ECF11AE5A00AA00A7112B
SupportedNameSpace REG_DWORD 0xc
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x1
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006
LibraryPath REG_SZ %SystemRoot%\System32\winrnr.dll
DisplayString REG_SZ NTDS
ProviderId REG_BINARY EE37263B80E5CF11A55500C04FD8D4AC
SupportedNameSpace REG_DWORD 0x20
Enabled REG_DWORD 0x1
Version REG_DWORD 0x0
StoresServiceClassInfo REG_DWORD 0x1
ProviderInfo REG_BINARY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
Next_Catalog_Entry_ID REG_DWORD 0x3ef
Num_Catalog_Entries REG_DWORD 0x6
Serial_Access_Num REG_DWORD 0x3
Num_Catalog_Entries64 REG_DWORD 0x6

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006600020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192E90300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000100000006000000000000000000000000000000000000000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00770073006800740063007000690070002E0064006C006C002C002D00360030003100300030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wshtcpip.dll,-60100

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000906020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192EA0300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000200000011000000000000000000000000000000F7FF00000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00770073006800740063007000690070002E0064006C006C002C002D00360030003100300031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wshtcpip.dll,-60101

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090602000000000000000000000000000C000000A01A0FE78BABCF118CA300805F48A192EB0300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000300000000000000FF0000000000000000000000008000000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00770073006800740063007000690070002E0064006C006C002C002D00360030003100300032000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wshtcpip.dll,-60102

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006600020000000000000000000000000008000000C0B0EAF9D426D011BBBF00AA006C34E4EC030000010000000000000000000000000000000000000000000000000000000000000002000000170000001C0000001C0000000100000006000000000000000000000000000000000000000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C007700730068006900700036002E0064006C006C002C002D0036003000310030003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wship6.dll,-60100

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000906020000000000000000000000000008000000C0B0EAF9D426D011BBBF00AA006C34E4ED030000010000000000000000000000000000000000000000000000000000000000000002000000170000001C0000001C0000000200000011000000000000000000000000000000F7FF00000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C007700730068006900700036002E0064006C006C002C002D0036003000310030003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wship6.dll,-60101

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090602000000000000000000000000000C000000C0B0EAF9D426D011BBBF00AA006C34E4EE030000010000000000000000000000000000000000000000000000000000000000000002000000170000001C0000001C0000000300000000000000FF0000000000000000000000008000000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C007700730068006900700036002E0064006C006C002C002D0036003000310030003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wship6.dll,-60102

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006600020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192E90300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000100000006000000000000000000000000000000000000000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00770073006800740063007000690070002E0064006C006C002C002D00360030003100300030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wshtcpip.dll,-60100

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000906020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192EA0300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000200000011000000000000000000000000000000F7FF00000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00770073006800740063007000690070002E0064006C006C002C002D00360030003100300031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wshtcpip.dll,-60101

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090602000000000000000000000000000C000000A01A0FE78BABCF118CA300805F48A192EB0300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000300000000000000FF0000000000000000000000008000000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00770073006800740063007000690070002E0064006C006C002C002D00360030003100300032000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wshtcpip.dll,-60102

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006600020000000000000000000000000008000000C0B0EAF9D426D011BBBF00AA006C34E4EC030000010000000000000000000000000000000000000000000000000000000000000002000000170000001C0000001C0000000100000006000000000000000000000000000000000000000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C007700730068006900700036002E0064006C006C002C002D0036003000310030003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wship6.dll,-60100

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000906020000000000000000000000000008000000C0B0EAF9D426D011BBBF00AA006C34E4ED030000010000000000000000000000000000000000000000000000000000000000000002000000170000001C0000001C0000000200000011000000000000000000000000000000F7FF00000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C007700730068006900700036002E0064006C006C002C002D0036003000310030003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wship6.dll,-60101

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090602000000000000000000000000000C000000C0B0EAF9D426D011BBBF00AA006C34E4EE030000010000000000000000000000000000000000000000000000000000000000000002000000170000001C0000001C0000000300000000000000FF0000000000000000000000008000000000000040002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C007700730068006900700036002E0064006C006C002C002D0036003000310030003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ProtocolName REG_SZ @%SystemRoot%\System32\wship6.dll,-60102
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Hopefully I've found the problem. Your registry thinks you have 4 entries in the NameSpac_Catalog5 when you really only have 3. Copy the text in the code box:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000003


Open notepad (Start, Run, notepad, OK)

Edit, Paste or Ctrl + v to paste the text into notepad. File, Save As (to your dekstop) "fix.reg" OK. (You must use the quotation marks or it won't work(

Close notepad.

Find fix.reg on your desktop and right click and Merge it into the registry.

Reboot and try it now.

Ron
  • 0

#13
gregandmellina

gregandmellina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ron,

OK, Firefox and Outlook are working again!! :thumbsup:

Where are we now?

Greg
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Wow, I am getting good at this!

Let's see if there is any other damage:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#15
gregandmellina

gregandmellina

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ron,

For the scan:
Windows resource protection did not find any integrity violations.

The only driver that was not digitally signed was:

difxapi.dll in folder c:\windows\system32

System log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/11/2011 4:18:27 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/11/2011 4:19:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/11/2011 9:07:24 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 25/11/2011 9:07:24 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP