Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Fix attack on Windows 7 64 bit. HELP!


  • Please log in to reply

#1
jchitrav

jchitrav

    New Member

  • Member
  • Pip
  • 6 posts
Got into the trap of this system fix malware, I tried the Avast boot time scan, tdss killer and tried the Malwarebytes but no luck so far. Upon startup nearly 20 error message pop up and then the system fix window pops up. Attaching the OTL log and Extra log below

I would seriously appreciate any help. My system is a total mess at this point.

OTL Log

OTL logfile created on: 11/30/2011 11:29:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jay\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 47.14% Memory free
8.00 Gb Paging File | 5.94 Gb Available in Paging File | 74.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 603.12 Gb Free Space | 64.75% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 47.73 Gb Free Space | 42.70% Space Free | Partition Type: NTFS
Drive E: | 186.31 Gb Total Space | 23.49 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 1510.11 Gb Free Space | 54.04% Space Free | Partition Type: NTFS
Drive G: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 81.72 Gb Free Space | 17.54% Space Free | Partition Type: NTFS

Computer Name: PRIME | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jay\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Zc6H7VtzeaqmlY.exe ()
PRC - C:\ProgramData\UEthGOiLbV.exe ()
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\Zc6H7VtzeaqmlY.exe ()
MOD - C:\ProgramData\UEthGOiLbV.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Dyn Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSVolAcc) -- C:\Windows\SysNative\drivers\PSVolAcc.sys (Paramount Software UK Ltd)
DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB 8E 32 20 82 A1 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 12:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/29 08:59:55 | 000,000,000 | ---D | M]

[2010/12/26 23:53:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions
[2010/12/26 23:53:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/11/08 20:01:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions
[2011/11/08 20:01:08 | 000,000,000 | -H-D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/07/18 22:20:33 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\[email protected]
[2011/11/09 12:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/14 10:25:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 12:07:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/09 12:07:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/05 11:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/10/29 08:59:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/10/29 08:59:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/10/29 08:59:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/10/29 08:59:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/10/29 08:59:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/10/29 08:59:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/10/29 08:59:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2010/01/01 02:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 02:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 02:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/11/09 12:07:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2010/01/01 02:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 02:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [B6AA29ED91485273F6D490AB149494A5F39604BE._service_run] "C:\Users\Jay\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [UEthGOiLbV.exe] C:\ProgramData\UEthGOiLbV.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: NameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 16:57:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/13 06:43:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/26 03:15:22 | 000,000,191 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b417ccc6-116e-11e0-8203-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b417ccc6-116e-11e0-8203-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup\rsrc\AUTORUN.EXE -- [2007/08/15 19:55:00 | 000,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{b417ccc6-116e-11e0-8203-806e6f6e6963}\Shell\dinstall\command - "" = G:\DirectX\DXSETUP.exe -- [2008/05/30 16:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 22:55:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Malwarebytes
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/30 22:55:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/30 22:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/30 22:50:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/30 22:38:37 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{F0E9DF61-5ABC-44DC-9222-937EAC1489AD}
[2011/11/30 22:38:19 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{2A14D6E6-1245-4463-A259-B9950B8DC325}
[2011/11/30 17:08:27 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/11/30 09:32:06 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{42825DC6-B56B-4D2D-B016-524694F6A89C}
[2011/11/30 09:31:53 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{D9A41216-AEAA-4DC8-9DD9-362316F53C3E}
[2011/11/29 21:31:27 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{BB7B0A82-D782-478C-AD6E-0FBD9A5EED98}
[2011/11/29 21:31:16 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{B1160FC8-5EB2-49A6-B5C0-0DFEB1C92B4E}
[2011/11/29 09:30:48 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{BF4AA9D0-70D2-4FD0-8249-DF831E6F90B9}
[2011/11/29 09:30:37 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{BE720F7D-B9AE-471B-81AF-8096E9FE8F58}
[2011/11/28 20:34:59 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{EEE0C7C1-8E01-4A04-A93A-CC24D40DFB1E}
[2011/11/28 20:34:48 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{F88C8BF9-CB7A-46C6-BACC-86D11F746136}
[2011/11/28 17:20:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Solidshield
[2011/11/28 17:14:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\EA Core
[2011/11/28 17:03:44 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Roaming\Origin
[2011/11/28 17:03:43 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\Origin
[2011/11/28 16:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/11/28 16:58:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Origin Games
[2011/11/28 16:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/11/28 16:47:04 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\Electronic Arts
[2011/11/28 16:46:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Origin
[2011/11/28 16:46:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Electronic Arts
[2011/11/28 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/11/28 11:43:21 | 000,000,000 | -H-D | C] -- C:\Users\Jay\Desktop\Crysis 2
[2011/11/28 08:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/28 08:34:21 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{1AC7AE94-F6CB-412B-A55C-E39F15A9DC2A}
[2011/11/28 08:34:09 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{BA25C3EA-1E18-4ECD-B93B-7BEC53049F55}
[2011/11/20 05:14:52 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{6EFE84F7-D8FE-43AC-AD9C-E77DA74BE52A}
[2011/11/20 05:14:39 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{3986798F-6EF3-4673-A5C2-FB960141DDDE}
[2011/11/19 16:17:09 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{81A3F7B8-0031-420A-BCF4-AD936A66D7FB}
[2011/11/19 16:16:56 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{BAB5F41E-79D2-4401-A324-EF36BA6A9D7E}
[2011/11/19 10:31:07 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{3F3B0314-589E-4B64-84F9-A37467B126CE}
[2011/11/19 09:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/18 22:14:24 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{33A07DA5-8EEE-4B2F-8469-E7DCF4DC21AC}
[2011/11/18 22:14:00 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{B5E9DE64-5E5E-4E6D-806D-5FF49C43745D}
[2011/11/18 06:28:05 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{50E2DAB0-0109-4653-ADEC-FE18920E96E2}
[2011/11/18 06:27:53 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{0DFEEFA3-5F56-491B-BC38-8CC4A90C9461}
[2011/11/18 06:27:10 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{EFCEF8D6-1037-4482-A697-4F4B1BC9069D}
[2011/11/18 06:26:53 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{4D97116E-7513-4F35-B6A9-150DE2198D0D}
[2011/11/17 10:34:04 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{DD9AB8BB-42DD-4299-A724-41BF61479ACE}
[2011/11/17 10:33:50 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{3D142A56-3C76-4276-A26D-B2782809C65B}
[2011/11/16 21:48:11 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{47950B38-3585-4D83-8B6D-7B93177D5A56}
[2011/11/16 21:48:00 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{3A0A8A1D-79CB-4799-A7CA-1E89B32E58D1}
[2011/11/16 21:12:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJ
[2011/11/16 21:10:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/11/16 21:10:15 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Roaming\Canon
[2011/11/16 09:07:16 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{84770B8C-24A5-45DE-B09E-F80756930EC0}
[2011/11/16 09:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{1E3C4AD5-9E15-4ECA-B275-9F4A8DDDED92}
[2011/11/15 22:19:43 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{3E4CDFE7-E54F-4CEF-8580-0D223D16B3E1}
[2011/11/15 22:19:32 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{03AE7F9E-B7A7-4DB0-AB03-DD411BC709AB}
[2011/11/15 10:14:15 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{D90C07AE-DDBF-4283-99F7-4EC4382D5BA4}
[2011/11/15 10:14:01 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{19C09E64-A3EF-4080-BCC3-017A258904E7}
[2011/11/14 11:08:50 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{D32EEA65-988D-4315-86DB-9EA3AEF957F7}
[2011/11/14 11:08:27 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{D140BCD2-FD48-468F-AACF-C492EC1EA91A}
[2011/11/13 16:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 16:34:27 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{19BA5560-5348-411B-A5C7-C5B2936F59D4}
[2011/11/13 16:34:15 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{4942DEEF-6D28-4DEC-87CA-1C7BC53E3BA2}
[2011/11/13 00:06:27 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{D407A41D-D56C-4866-9B39-1CFC0568A1A8}
[2011/11/12 10:28:31 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{60C46267-AF21-4E8D-9650-53D2255936B3}
[2011/11/12 10:28:19 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{56E4AB09-AD80-4F00-92D9-4BB34BE545A5}
[2011/11/11 20:09:12 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{931E0DA8-EAF6-41DB-8A23-251CE2319F4C}
[2011/11/11 20:09:00 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{3EB99FCF-7DE7-4F34-8419-6BDA0ADECD56}
[2011/11/11 08:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/11 08:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/11 08:05:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\ATI
[2011/11/11 06:56:12 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{3052CE44-6977-4148-A243-F902A83A6592}
[2011/11/11 06:55:42 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{5C9A7237-419F-458C-B9C2-CDDCCDE60CF4}
[2011/11/10 09:28:02 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{CD4B9C4B-B339-4B1C-BEFE-39BB7A4DFA82}
[2011/11/10 09:27:38 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{20B09596-6566-4BCE-B6B4-22C8011BE364}
[2011/11/09 20:43:26 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{42B8D87A-AB75-410B-8C1D-96D2AB128662}
[2011/11/09 20:43:04 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{7A1A8166-CC46-4555-BDEA-B57C47DBA219}
[2011/11/09 07:29:07 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{6412DECD-3C2F-4DCC-8BEB-03E0DF20A223}
[2011/11/09 07:28:51 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{6AABA6F7-FF17-4DC9-AB0B-E43EAF840829}
[2011/11/08 08:43:55 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{FC3DB47D-4466-4ECB-BD76-18E860A92859}
[2011/11/08 08:43:25 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{6ADADD52-1253-4AEA-8D07-762504907D4A}
[2011/11/07 17:52:18 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{06D78708-4CB2-402D-8EB2-90E125EA17A8}
[2011/11/07 17:52:06 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{03C08947-06A7-4F5A-9980-720CD6D85352}
[2011/11/07 08:07:08 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder x64
[2011/11/07 08:06:59 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Roaming\Broad Intelligence
[2011/11/07 08:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011/11/07 05:37:17 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{CA185D45-470F-4EF2-84DB-F1A346D97236}
[2011/11/07 05:36:50 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{4905633C-C0F8-497D-80BE-DBE2C9C97D82}
[2011/11/06 17:06:40 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{37161634-09C4-46F2-8D25-1BB10CC0B522}
[2011/11/06 17:06:05 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{C167E620-E431-4085-845C-DCC8E3AD4339}
[2011/11/05 21:02:06 | 000,000,000 | -H-D | C] -- C:\Users\Jay\Documents\Square Enix
[2011/11/05 17:25:13 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{26136E2F-3324-4BBC-918E-603CB4520BCA}
[2011/11/05 17:24:50 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{74B6D748-44A1-4CAC-9227-C9B348393FBE}
[2011/11/05 04:35:14 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{C7ADC67A-ADE4-450C-869C-4DFACDCF7902}
[2011/11/05 04:34:47 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{3A3486BD-94D8-4D35-8EA8-01A1E6D9244F}
[2011/11/04 10:18:37 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{DFDB9FB4-74EA-436A-9A02-8073917EB1A3}
[2011/11/04 10:18:14 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{41289C0C-E0CB-4179-BEFE-8C60728E923F}
[2011/11/03 14:37:48 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{9B6A9D13-E109-4A04-8213-E583ACDD3379}
[2011/11/03 14:37:22 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{381B2BA2-BEF4-4134-AC52-15C6A00AF69A}
[2011/11/03 08:39:04 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{420129E8-F140-4386-8D10-C00B7AE219D8}
[2011/11/02 11:27:13 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{E5D0637A-25DD-4D01-A90E-7B1E58C053F6}
[2011/11/02 11:26:59 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{4A5D2F89-C837-4968-B42A-AD9D1EC07E6B}
[2011/11/01 09:58:55 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{14CC6040-12FD-41D3-95AB-63F3290506E1}
[2011/11/01 09:58:30 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData\Local\{0DB95E79-E986-4602-8CB6-8EFA8956C54A}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/30 22:55:18 | 000,001,144 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:55:18 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:45:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 22:43:26 | 000,000,216 | ---- | M] () -- C:\ProgramData\~Zc6H7VtzeaqmlYr
[2011/11/30 22:43:08 | 000,733,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/30 22:43:08 | 000,629,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/30 22:43:08 | 000,108,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/30 22:42:27 | 000,019,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 22:42:27 | 000,019,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 22:40:12 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~Zc6H7VtzeaqmlY
[2011/11/30 22:37:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 22:36:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/30 17:12:07 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 17:10:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/30 17:09:32 | 000,000,456 | -H-- | M] () -- C:\ProgramData\Zc6H7VtzeaqmlY
[2011/11/30 17:08:27 | 000,000,684 | -H-- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/30 17:08:27 | 000,000,660 | -H-- | M] () -- C:\Users\Jay\Desktop\System Fix.lnk
[2011/11/30 17:08:17 | 000,352,128 | -H-- | M] () -- C:\ProgramData\Zc6H7VtzeaqmlY.exe
[2011/11/30 16:54:15 | 000,445,312 | -H-- | M] () -- C:\ProgramData\UEthGOiLbV.exe
[2011/11/30 08:42:15 | 000,001,593 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 12:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/13 16:54:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/09 12:13:59 | 000,002,059 | -H-- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 07:43:40 | 000,185,234 | -H-- | M] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/09 07:28:05 | 000,309,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 12:01:37 | 000,251,182 | -H-- | M] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/07 05:52:35 | 000,010,240 | -H-- | M] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 19:06:58 | 000,020,460 | -H-- | M] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/30 22:55:18 | 000,001,144 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:55:18 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:43:26 | 000,000,216 | ---- | C] () -- C:\ProgramData\~Zc6H7VtzeaqmlYr
[2011/11/30 22:39:03 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Zc6H7VtzeaqmlY
[2011/11/30 17:08:27 | 000,000,684 | -H-- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/30 17:08:27 | 000,000,660 | -H-- | C] () -- C:\Users\Jay\Desktop\System Fix.lnk
[2011/11/30 17:08:23 | 000,000,456 | -H-- | C] () -- C:\ProgramData\Zc6H7VtzeaqmlY
[2011/11/30 17:08:17 | 000,352,128 | -H-- | C] () -- C:\ProgramData\Zc6H7VtzeaqmlY.exe
[2011/11/30 16:57:16 | 000,445,312 | -H-- | C] () -- C:\ProgramData\UEthGOiLbV.exe
[2011/11/30 08:24:39 | 000,001,593 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/09 07:43:40 | 000,185,234 | -H-- | C] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/07 12:02:02 | 000,251,182 | -H-- | C] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/06 19:06:56 | 000,020,460 | -H-- | C] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/05 11:46:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/01 17:43:11 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/31 12:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/07/19 13:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 13:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/07/19 13:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/07/19 13:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/07/19 13:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/07/19 13:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/07/19 13:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/19 13:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/07/19 13:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/07/19 13:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/30 07:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 01:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/23 22:50:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/23 09:54:07 | 000,782,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 05:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 05:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 05:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 05:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 05:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 05:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 05:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 05:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 05:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 05:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 05:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 05:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 05:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/01/05 15:28:19 | 000,007,597 | -H-- | C] () -- C:\Users\Jay\AppData\Local\resmon.resmoncfg
[2010/12/31 20:58:15 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/12/29 15:28:31 | 000,010,240 | -H-- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:00:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/27 17:00:17 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/27 17:00:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/27 10:19:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/18 13:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/08/11 15:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006/03/03 22:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== LOP Check ==========

[2011/11/07 08:06:59 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\Broad Intelligence
[2011/04/19 18:38:37 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\Canneverbe Limited
[2011/11/28 12:06:10 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\Canon
[2011/05/19 09:25:08 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\Digiarty
[2010/12/31 21:01:05 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\DisplayTune
[2011/08/08 17:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\ImgBurn
[2011/04/19 18:38:40 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\OpenOffice.org
[2011/11/28 17:11:07 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\Origin
[2011/11/07 07:56:09 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\SmartVoip
[2011/10/23 22:18:14 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\uTorrent
[2010/12/27 17:10:17 | 000,000,000 | -H-D | M] -- C:\Users\Jay\AppData\Roaming\Windows Live Writer
[2011/10/25 09:44:55 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >


Extras Log

OTL Extras logfile created on: 11/30/2011 11:29:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jay\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 47.14% Memory free
8.00 Gb Paging File | 5.94 Gb Available in Paging File | 74.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 603.12 Gb Free Space | 64.75% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 47.73 Gb Free Space | 42.70% Space Free | Partition Type: NTFS
Drive E: | 186.31 Gb Total Space | 23.49 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 1510.11 Gb Free Space | 54.04% Space Free | Partition Type: NTFS
Drive G: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 81.72 Gb Free Space | 17.54% Space Free | Partition Type: NTFS

Computer Name: PRIME | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6681A016-C62A-DD7B-7F56-25B1A55CE12A}" = AMD Media Foundation Decoders
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{BAC8EFD5-602B-4EF6-91DD-F9AD7C83284E}" = Macrium Reflect - Free Edition
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"MediaCoder x64" = MediaCoder x64 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = Catalyst Control Center
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 2.9.0
"{5B7F33B3-C72C-4408-8AF9-B855775F51DB}" = Picasa Web Albums Live Publisher
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{64B408B8-068B-4EE0-B16C-658A24E75B8B}" = [email protected] UNDELETE
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MX880 series User Registration" = Canon MX880 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"conduitEngine" = Conduit Engine
"DVD Shrink_is1" = DVD Shrink 3.2
"DynUpdater" = Dyn Updater
"EasyBCD" = EasyBCD 2.0
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FLV Player2.0.25" = FLV Player
"ImgBurn" = ImgBurn
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Monster Truck Madness 2.00Trial" = Microsoft Monster Truck Madness 2 Trial
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Origin" = Origin
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"SmartVoip_is1" = SmartVoip
"Speed Dial Utility" = Canon Speed Dial Utility
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 33320" = Prince of Persia: The Forgotten Sands
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42670" = Singularity
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.3.0
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.2
"WinX Free MP4 to MPEG Converter_is1" = WinX Free MP4 to MPEG Converter 4.1.11
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.10.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UGX Cabin" = UGX Cabin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/29/2011 11:30:35 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/29/2011 11:59:51 AM | Computer Name = PRIME | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 11/30/2011 10:14:35 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 10:42:16 AM | Computer Name = PRIME | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'Cisco Systems, Inc. VPN Service' could not
be restarted.

Error - 11/30/2011 10:59:06 AM | Computer Name = PRIME | Source = Application Hang | ID = 1002
Description = The program MovieMaker.exe version 15.4.3538.513 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1384 Start
Time: 01ccaf6e8318d5f5 Termination Time: 47 Application Path: C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.exe Report Id: d51c98b2-1b63-11e1-9a1f-001d7da4a36a


Error - 11/30/2011 11:04:25 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 2:05:23 PM | Computer Name = PRIME | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 11/30/2011 7:02:21 PM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 7:06:55 PM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/1/2011 12:37:36 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 7/25/2011 12:17:24 PM | Computer Name = PRIME | Source = MCUpdate | ID = 0
Description = 11:17:24 AM - Error connecting to the internet. 11:17:24 AM - Unable
to contact server..

Error - 7/25/2011 12:17:33 PM | Computer Name = PRIME | Source = MCUpdate | ID = 0
Description = 11:17:29 AM - Error connecting to the internet. 11:17:29 AM - Unable
to contact server..

Error - 8/2/2011 9:39:52 AM | Computer Name = PRIME | Source = MCUpdate | ID = 0
Description = 8:39:45 AM - Error connecting to the internet. 8:39:45 AM - Unable
to contact server..

Error - 9/27/2011 2:25:51 PM | Computer Name = PRIME | Source = MCUpdate | ID = 0
Description = 1:25:51 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 11/30/2011 1:13:18 PM | Computer Name = PRIME | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/30/2011 1:13:25 PM | Computer Name = PRIME | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/30/2011 1:13:31 PM | Computer Name = PRIME | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/30/2011 1:13:37 PM | Computer Name = PRIME | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/30/2011 1:13:44 PM | Computer Name = PRIME | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/30/2011 1:13:50 PM | Computer Name = PRIME | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/30/2011 1:13:56 PM | Computer Name = PRIME | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/30/2011 1:14:03 PM | Computer Name = PRIME | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/30/2011 5:20:52 PM | Computer Name = PRIME | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk8\DR8.

Error - 11/30/2011 10:00:49 PM | Computer Name = PRIME | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Uninstall
Bing Bar
Java™ 6 Update 26
Java™ 6 Update 22
Conduit Engine
uTorrentBar Toolbar
µTorrent

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
Abiosdsk

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/11/08 20:01:08 | 000,000,000 | -H-D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/07/18 22:20:33 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\[email protected]
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [B6AA29ED91485273F6D490AB149494A5F39604BE._service_run] "C:\Users\Jay\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service File not found
O4 - HKCU..\Run: [UEthGOiLbV.exe] C:\ProgramData\UEthGOiLbV.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O32 - AutoRun File - [2010/01/26 03:15:22 | 000,000,191 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b417ccc6-116e-11e0-8203-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b417ccc6-116e-11e0-8203-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup\rsrc\AUTORUN.EXE -- [2007/08/15 19:55:00 | 000,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{b417ccc6-116e-11e0-8203-806e6f6e6963}\Shell\dinstall\command - "" = G:\DirectX\DXSETUP.exe -- [2008/05/30 16:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation)
[2011/11/30 22:43:26 | 000,000,216 | ---- | M] () -- C:\ProgramData\~Zc6H7VtzeaqmlYr
[2011/11/30 22:40:12 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~Zc6H7VtzeaqmlY
[2011/11/30 22:37:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 17:10:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/30 17:09:32 | 000,000,456 | -H-- | M] () -- C:\ProgramData\Zc6H7VtzeaqmlY
[2011/11/30 17:08:27 | 000,000,684 | -H-- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/30 17:08:27 | 000,000,660 | -H-- | M] () -- C:\Users\Jay\Desktop\System Fix.lnk
[2011/11/30 17:08:17 | 000,352,128 | -H-- | M] () -- C:\ProgramData\Zc6H7VtzeaqmlY.exe
[2011/11/30 16:54:15 | 000,445,312 | -H-- | M] () -- C:\ProgramData\UEthGOiLbV.exe
[2011/11/30 22:43:26 | 000,000,216 | ---- | C] () -- C:\ProgramData\~Zc6H7VtzeaqmlYr
[2011/11/30 22:39:03 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Zc6H7VtzeaqmlY
[2011/11/30 17:08:27 | 000,000,684 | -H-- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/30 17:08:27 | 000,000,660 | -H-- | C] () -- C:\Users\Jay\Desktop\System Fix.lnk
[2011/11/30 17:08:23 | 000,000,456 | -H-- | C] () -- C:\ProgramData\Zc6H7VtzeaqmlY
[2011/11/30 17:08:17 | 000,352,128 | -H-- | C] () -- C:\ProgramData\Zc6H7VtzeaqmlY.exe
[2011/11/30 16:57:16 | 000,445,312 | -H-- | C] () -- C:\ProgramData\UEthGOiLbV.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\ProgramData\Zc6H7VtzeaqmlY.exe
C:\ProgramData\UEthGOiLbV.exe
C:\ProgramData\*.exe
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Please Save the log and copy and paste it to a reply.


If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
jchitrav

jchitrav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thx Ron for helping out and for providing a lightning fast response.

I did what you have denoted in the previous post.

a) Couldn't uninstall the stuff as control panel and most were hidden. Pushed that to the final step before OTL rerun
b) OTL Fix error showed some error and i had to close the window and it exited automatically. This is one step I have doubts on whether i completed as you wanted.
c) Malwarebytes found some and cleaned it
d) Combofix ran 50 steps and took some time and brought back the hidden stuff also (Had to reboot to access the icons and links but worked after)
e) TDSSKiller found none
f) aswMBR did not light up the FIX and did not find any.
g) Uninstalled the stuff you described at this point
h) Ran the OTL for the logs.

I'm attaching all the logs in the order or Malwarebytes, Combofix, TDSSkiller, aswMBR, OTL with extra registry all (Both logs). Please advise


MBAM Log


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8283

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

12/1/2011 6:26:58 AM
mbam-log-2011-12-01 (06-26-58).txt

Scan type: Quick scan
Objects scanned: 170483
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UEthGOiLbV.exe (Trojan.FakeAlert) -> Value: UEthGOiLbV.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\uethgoilbv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Jay\AppData\Local\Temp\20B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Jay\AppData\Local\Temp\hy0ym92lolzjvi.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Combofix Log


ComboFix 11-12-01.01 - Jay 12/01/2011 6:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2556 [GMT -6:00]
Running from: c:\users\Jay\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Zc6H7VtzeaqmlY.exe
c:\users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Jay\Desktop\System Fix.lnk
F:\Autorun.inf
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 12:52 . 2011-12-01 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-01 12:02 . 2011-12-01 12:02 -------- d-----w- C:\_OTL
2011-12-01 04:55 . 2011-12-01 04:55 -------- d--h--w- c:\users\Jay\AppData\Roaming\Malwarebytes
2011-12-01 04:55 . 2011-12-01 04:55 -------- d--h--w- c:\programdata\Malwarebytes
2011-12-01 04:55 . 2011-12-01 04:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-01 04:55 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 04:50 . 2011-12-01 04:50 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-29 15:34 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57433093-898C-4F10-97C6-552AEA342B9A}\mpengine.dll
2011-11-28 23:20 . 2011-11-28 23:21 -------- d--h--w- c:\programdata\Solidshield
2011-11-28 23:14 . 2011-11-28 23:14 -------- d--h--w- c:\programdata\EA Core
2011-11-28 23:03 . 2011-11-28 23:11 -------- d--h--w- c:\users\Jay\AppData\Roaming\Origin
2011-11-28 23:03 . 2011-11-28 23:03 -------- d--h--w- c:\users\Jay\AppData\Local\Origin
2011-11-28 22:58 . 2011-11-28 22:58 -------- d--h--w- c:\program files (x86)\Origin Games
2011-11-28 22:57 . 2011-11-28 22:58 -------- d-----w- c:\program files (x86)\Origin
2011-11-28 22:47 . 2011-11-28 22:47 -------- d--h--w- c:\users\Jay\AppData\Local\Electronic Arts
2011-11-28 22:46 . 2011-11-28 23:11 -------- d--h--w- c:\programdata\Origin
2011-11-28 22:46 . 2011-11-28 23:03 -------- d--h--w- c:\programdata\Electronic Arts
2011-11-28 22:35 . 2011-11-28 22:57 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-11-19 15:49 . 2011-11-19 15:49 -------- d-----w- c:\program files\iTunes
2011-11-19 15:49 . 2011-11-19 15:49 -------- d-----w- c:\program files (x86)\iTunes
2011-11-19 15:49 . 2011-11-19 15:49 -------- d-----w- c:\program files\iPod
2011-11-17 03:12 . 2011-11-17 03:12 -------- d--h--w- c:\programdata\CanonIJ
2011-11-17 03:10 . 2011-11-28 18:06 -------- d--h--w- c:\users\Jay\AppData\Roaming\Canon
2011-11-13 22:54 . 2011-11-13 22:54 -------- d-----w- c:\windows\system32\Macromed
2011-11-11 14:08 . 2011-11-11 14:08 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-11 14:08 . 2011-11-11 14:08 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-11 14:08 . 2011-11-11 14:08 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-11-11 14:05 . 2011-11-11 14:05 -------- d--h--w- c:\programdata\ATI
2011-11-08 22:53 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 22:53 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 22:53 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 22:53 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 14:06 . 2011-11-07 14:06 -------- d--h--w- c:\users\Jay\AppData\Roaming\Broad Intelligence
2011-11-07 14:06 . 2011-11-07 14:07 -------- d-----w- c:\program files\MediaCoder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-12-27 11:09 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-12-27 11:09 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-01-19 19:06 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-01 15:24 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-12-27 11:10 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-12-27 11:10 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-12-27 11:10 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-12-27 11:10 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-12-27 11:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-13 22:54 . 2011-05-18 14:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-12 22:16 . 2011-10-12 22:16 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-12 22:16 . 2011-10-12 22:16 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-12 22:16 . 2011-10-12 22:16 16787456 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-12 22:15 . 2011-10-12 22:15 13753856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-12 22:14 . 2011-10-12 22:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-12 22:14 . 2011-10-12 22:14 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-12 20:56 . 2011-10-12 20:56 10207232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-12 20:20 . 2011-10-12 20:20 24629760 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-12 20:14 . 2011-10-12 20:14 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-12 20:13 . 2011-03-09 04:55 867328 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-12 20:10 . 2011-01-26 22:56 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-12 20:10 . 2011-10-12 20:10 487936 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-12 20:08 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-12 20:08 . 2011-03-09 04:51 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-12 20:04 . 2011-10-12 20:04 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-12 19:54 . 2011-03-09 04:40 4960768 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-12 19:46 . 2011-10-12 19:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-12 19:45 . 2011-10-12 19:45 9877504 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-12 19:44 . 2011-10-12 19:44 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-12 19:44 . 2011-10-12 19:44 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-12 19:44 . 2011-10-12 19:44 4023296 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-12 19:39 . 2010-10-27 08:15 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-12 19:38 . 2011-10-12 19:38 5431808 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-12 19:33 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-12 19:31 . 2011-01-26 22:14 479744 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-12 19:31 . 2011-03-09 04:18 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-12 19:31 . 2011-10-12 19:31 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:29 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-12 19:29 . 2011-10-12 19:29 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-12 19:29 . 2011-10-12 19:29 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-12 19:29 . 2011-10-12 19:29 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-09-27 19:26 . 2010-12-27 21:58 737072 ---ha-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dyn Updater Tray Icon.lnk - c:\program files (x86)\DynDNS Updater\DynTray.exe [2011-11-15 78192]
TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2010-12-29 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [x]
R3 PSVolAcc;PSVolAcc; [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Dyn Updater;Dyn Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe [2011-08-31 366152]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 301024]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 16:15]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 16:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: NameServer = 192.168.11.1
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\2dj36vjb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-B6AA29ED91485273F6D490AB149494A5F39604BE._service_run - c:\users\Jay\AppData\Local\Google\Chrome\Application\chrome.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-334483819-3346264946-483841804-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-334483819-3346264946-483841804-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-12-01 07:10:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 13:10
.
Pre-Run: 646,846,259,200 bytes free
Post-Run: 646,682,742,784 bytes free
.
- - End Of File - - 5C4C0A93FCEBC87C6E54C889046B6FD0

TDSSKiller Log

07:20:08.0955 4912 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
07:20:09.0259 4912 ============================================================
07:20:09.0259 4912 Current date / time: 2011/12/01 07:20:09.0259
07:20:09.0259 4912 SystemInfo:
07:20:09.0260 4912
07:20:09.0260 4912 OS Version: 6.1.7601 ServicePack: 1.0
07:20:09.0260 4912 Product type: Workstation
07:20:09.0260 4912 ComputerName: PRIME
07:20:09.0260 4912 UserName: Jay
07:20:09.0260 4912 Windows directory: C:\Windows
07:20:09.0260 4912 System windows directory: C:\Windows
07:20:09.0260 4912 Running under WOW64
07:20:09.0260 4912 Processor architecture: Intel x64
07:20:09.0260 4912 Number of processors: 4
07:20:09.0260 4912 Page size: 0x1000
07:20:09.0260 4912 Boot type: Normal boot
07:20:09.0260 4912 ============================================================
07:20:11.0386 4912 Initialize success
07:20:28.0170 4520 ============================================================
07:20:28.0170 4520 Scan started
07:20:28.0170 4520 Mode: Manual;
07:20:28.0170 4520 ============================================================
07:20:29.0613 4520 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:20:29.0615 4520 1394ohci - ok
07:20:29.0647 4520 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
07:20:29.0649 4520 61883 - ok
07:20:29.0709 4520 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:20:29.0712 4520 ACPI - ok
07:20:29.0725 4520 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:20:29.0727 4520 AcpiPmi - ok
07:20:29.0770 4520 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:20:29.0776 4520 adp94xx - ok
07:20:29.0795 4520 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:20:29.0798 4520 adpahci - ok
07:20:29.0817 4520 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:20:29.0820 4520 adpu320 - ok
07:20:29.0867 4520 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:20:29.0872 4520 AFD - ok
07:20:29.0892 4520 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:20:29.0893 4520 agp440 - ok
07:20:29.0914 4520 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:20:29.0916 4520 aliide - ok
07:20:29.0949 4520 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:20:29.0951 4520 amdide - ok
07:20:29.0966 4520 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:20:29.0968 4520 AmdK8 - ok
07:20:30.0222 4520 amdkmdag (85193e1bcefe65d0a1befd4fda9180f9) C:\Windows\system32\DRIVERS\atikmdag.sys
07:20:30.0375 4520 amdkmdag - ok
07:20:30.0437 4520 amdkmdap (60ab0b979198da597b7251b3c7444f7e) C:\Windows\system32\DRIVERS\atikmpag.sys
07:20:30.0439 4520 amdkmdap - ok
07:20:30.0462 4520 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:20:30.0464 4520 AmdPPM - ok
07:20:30.0490 4520 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
07:20:30.0492 4520 amdsata - ok
07:20:30.0509 4520 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:20:30.0512 4520 amdsbs - ok
07:20:30.0527 4520 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
07:20:30.0528 4520 amdxata - ok
07:20:30.0577 4520 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:20:30.0579 4520 AppID - ok
07:20:30.0620 4520 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:20:30.0623 4520 arc - ok
07:20:30.0635 4520 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:20:30.0637 4520 arcsas - ok
07:20:30.0664 4520 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
07:20:30.0665 4520 aswFsBlk - ok
07:20:30.0694 4520 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
07:20:30.0695 4520 aswMonFlt - ok
07:20:30.0740 4520 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
07:20:30.0741 4520 aswRdr - ok
07:20:30.0768 4520 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
07:20:30.0771 4520 aswSnx - ok
07:20:30.0810 4520 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
07:20:30.0812 4520 aswSP - ok
07:20:30.0832 4520 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
07:20:30.0833 4520 aswTdi - ok
07:20:30.0847 4520 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:20:30.0847 4520 AsyncMac - ok
07:20:30.0867 4520 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:20:30.0867 4520 atapi - ok
07:20:30.0917 4520 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
07:20:30.0919 4520 AtiHDAudioService - ok
07:20:30.0953 4520 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
07:20:30.0955 4520 Avc - ok
07:20:30.0993 4520 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:20:30.0999 4520 b06bdrv - ok
07:20:31.0039 4520 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:20:31.0043 4520 b57nd60a - ok
07:20:31.0069 4520 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:20:31.0070 4520 Beep - ok
07:20:31.0096 4520 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:20:31.0098 4520 blbdrive - ok
07:20:31.0127 4520 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:20:31.0129 4520 bowser - ok
07:20:31.0142 4520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:20:31.0144 4520 BrFiltLo - ok
07:20:31.0156 4520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:20:31.0157 4520 BrFiltUp - ok
07:20:31.0182 4520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:20:31.0186 4520 Brserid - ok
07:20:31.0194 4520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:20:31.0196 4520 BrSerWdm - ok
07:20:31.0211 4520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:20:31.0213 4520 BrUsbMdm - ok
07:20:31.0224 4520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:20:31.0226 4520 BrUsbSer - ok
07:20:31.0235 4520 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:20:31.0237 4520 BTHMODEM - ok
07:20:31.0242 4520 catchme - ok
07:20:31.0262 4520 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:20:31.0271 4520 cdfs - ok
07:20:31.0306 4520 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
07:20:31.0308 4520 cdrom - ok
07:20:31.0327 4520 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:20:31.0329 4520 circlass - ok
07:20:31.0351 4520 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:20:31.0355 4520 CLFS - ok
07:20:31.0384 4520 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:20:31.0386 4520 CmBatt - ok
07:20:31.0400 4520 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:20:31.0415 4520 cmdide - ok
07:20:31.0453 4520 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:20:31.0458 4520 CNG - ok
07:20:31.0471 4520 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:20:31.0473 4520 Compbatt - ok
07:20:31.0491 4520 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:20:31.0493 4520 CompositeBus - ok
07:20:31.0510 4520 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:20:31.0512 4520 crcdisk - ok
07:20:31.0574 4520 CrystalSysInfo (5228b7a738dc90a06ae4f4a7412cb1e9) C:\Program Files\MediaCoder\SysInfoX64.sys
07:20:31.0576 4520 CrystalSysInfo - ok
07:20:31.0605 4520 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
07:20:31.0606 4520 CVirtA - ok
07:20:31.0644 4520 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:20:31.0646 4520 DfsC - ok
07:20:31.0662 4520 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:20:31.0664 4520 discache - ok
07:20:31.0681 4520 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:20:31.0683 4520 Disk - ok
07:20:31.0713 4520 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
07:20:31.0716 4520 DNE - ok
07:20:31.0754 4520 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:20:31.0756 4520 drmkaud - ok
07:20:31.0805 4520 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:20:31.0810 4520 DXGKrnl - ok
07:20:31.0921 4520 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:20:31.0967 4520 ebdrv - ok
07:20:32.0002 4520 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:20:32.0008 4520 elxstor - ok
07:20:32.0038 4520 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:20:32.0040 4520 ErrDev - ok
07:20:32.0055 4520 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:20:32.0058 4520 exfat - ok
07:20:32.0076 4520 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:20:32.0079 4520 fastfat - ok
07:20:32.0097 4520 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:20:32.0098 4520 fdc - ok
07:20:32.0120 4520 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:20:32.0122 4520 FileInfo - ok
07:20:32.0140 4520 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:20:32.0142 4520 Filetrace - ok
07:20:32.0160 4520 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:20:32.0162 4520 flpydisk - ok
07:20:32.0180 4520 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:20:32.0183 4520 FltMgr - ok
07:20:32.0200 4520 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:20:32.0203 4520 FsDepends - ok
07:20:32.0227 4520 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
07:20:32.0229 4520 fssfltr - ok
07:20:32.0247 4520 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:20:32.0247 4520 Fs_Rec - ok
07:20:32.0268 4520 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:20:32.0270 4520 fvevol - ok
07:20:32.0287 4520 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:20:32.0294 4520 gagp30kx - ok
07:20:32.0340 4520 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:20:32.0341 4520 GEARAspiWDM - ok
07:20:32.0396 4520 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:20:32.0398 4520 hcw85cir - ok
07:20:32.0439 4520 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
07:20:32.0443 4520 HdAudAddService - ok
07:20:32.0491 4520 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:20:32.0493 4520 HDAudBus - ok
07:20:32.0512 4520 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:20:32.0514 4520 HidBatt - ok
07:20:32.0531 4520 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:20:32.0533 4520 HidBth - ok
07:20:32.0548 4520 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:20:32.0551 4520 HidIr - ok
07:20:32.0566 4520 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
07:20:32.0568 4520 HidUsb - ok
07:20:32.0587 4520 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:20:32.0590 4520 HpSAMD - ok
07:20:32.0663 4520 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:20:32.0671 4520 HTTP - ok
07:20:32.0704 4520 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:20:32.0705 4520 hwpolicy - ok
07:20:32.0724 4520 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:20:32.0727 4520 i8042prt - ok
07:20:32.0760 4520 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
07:20:32.0765 4520 iaStorV - ok
07:20:32.0786 4520 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:20:32.0788 4520 iirsp - ok
07:20:32.0866 4520 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) C:\Windows\system32\drivers\RTKVHD64.sys
07:20:32.0879 4520 IntcAzAudAddService - ok
07:20:32.0919 4520 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:20:32.0920 4520 intelide - ok
07:20:32.0939 4520 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:20:32.0945 4520 intelppm - ok
07:20:33.0010 4520 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:20:33.0013 4520 IpFilterDriver - ok
07:20:33.0031 4520 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:20:33.0033 4520 IPMIDRV - ok
07:20:33.0052 4520 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:20:33.0055 4520 IPNAT - ok
07:20:33.0092 4520 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:20:33.0094 4520 IRENUM - ok
07:20:33.0108 4520 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:20:33.0109 4520 isapnp - ok
07:20:33.0126 4520 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:20:33.0130 4520 iScsiPrt - ok
07:20:33.0151 4520 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:20:33.0151 4520 kbdclass - ok
07:20:33.0171 4520 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:20:33.0192 4520 kbdhid - ok
07:20:33.0213 4520 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:20:33.0216 4520 KSecDD - ok
07:20:33.0250 4520 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:20:33.0252 4520 KSecPkg - ok
07:20:33.0272 4520 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:20:33.0273 4520 ksthunk - ok
07:20:33.0303 4520 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:20:33.0305 4520 lltdio - ok
07:20:33.0353 4520 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:20:33.0355 4520 LSI_FC - ok
07:20:33.0372 4520 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:20:33.0375 4520 LSI_SAS - ok
07:20:33.0406 4520 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:20:33.0408 4520 LSI_SAS2 - ok
07:20:33.0422 4520 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:20:33.0424 4520 LSI_SCSI - ok
07:20:33.0441 4520 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:20:33.0444 4520 luafv - ok
07:20:33.0482 4520 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
07:20:33.0483 4520 MBAMProtector - ok
07:20:33.0512 4520 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:20:33.0514 4520 megasas - ok
07:20:33.0530 4520 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:20:33.0534 4520 MegaSR - ok
07:20:33.0549 4520 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:20:33.0551 4520 Modem - ok
07:20:33.0579 4520 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:20:33.0580 4520 monitor - ok
07:20:33.0593 4520 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:20:33.0594 4520 mouclass - ok
07:20:33.0614 4520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:20:33.0616 4520 mouhid - ok
07:20:33.0651 4520 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:20:33.0652 4520 mountmgr - ok
07:20:33.0686 4520 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:20:33.0688 4520 mpio - ok
07:20:33.0715 4520 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:20:33.0717 4520 mpsdrv - ok
07:20:33.0756 4520 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:20:33.0759 4520 MRxDAV - ok
07:20:33.0791 4520 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:20:33.0794 4520 mrxsmb - ok
07:20:33.0836 4520 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:20:33.0840 4520 mrxsmb10 - ok
07:20:33.0877 4520 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:20:33.0899 4520 mrxsmb20 - ok
07:20:33.0932 4520 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:20:33.0935 4520 msahci - ok
07:20:33.0976 4520 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:20:33.0978 4520 msdsm - ok
07:20:34.0016 4520 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
07:20:34.0018 4520 MSDV - ok
07:20:34.0037 4520 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:20:34.0039 4520 Msfs - ok
07:20:34.0053 4520 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:20:34.0055 4520 mshidkmdf - ok
07:20:34.0085 4520 MSHUSBVideo (26668cc2920de2497a8e369b16e48ca3) C:\Windows\system32\Drivers\nx6000.sys
07:20:34.0086 4520 MSHUSBVideo - ok
07:20:34.0102 4520 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:20:34.0103 4520 msisadrv - ok
07:20:34.0140 4520 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:20:34.0142 4520 MSKSSRV - ok
07:20:34.0159 4520 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:20:34.0161 4520 MSPCLOCK - ok
07:20:34.0175 4520 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:20:34.0177 4520 MSPQM - ok
07:20:34.0215 4520 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:20:34.0219 4520 MsRPC - ok
07:20:34.0236 4520 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:20:34.0237 4520 mssmbios - ok
07:20:34.0252 4520 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:20:34.0255 4520 MSTEE - ok
07:20:34.0273 4520 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:20:34.0275 4520 MTConfig - ok
07:20:34.0293 4520 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:20:34.0293 4520 Mup - ok
07:20:34.0327 4520 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:20:34.0331 4520 NativeWifiP - ok
07:20:34.0383 4520 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:20:34.0392 4520 NDIS - ok
07:20:34.0411 4520 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:20:34.0413 4520 NdisCap - ok
07:20:34.0436 4520 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:20:34.0438 4520 NdisTapi - ok
07:20:34.0483 4520 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:20:34.0499 4520 Ndisuio - ok
07:20:34.0518 4520 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:20:34.0521 4520 NdisWan - ok
07:20:34.0560 4520 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:20:34.0562 4520 NDProxy - ok
07:20:34.0573 4520 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:20:34.0575 4520 NetBIOS - ok
07:20:34.0609 4520 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:20:34.0612 4520 NetBT - ok
07:20:34.0656 4520 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:20:34.0658 4520 nfrd960 - ok
07:20:34.0680 4520 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:20:34.0682 4520 Npfs - ok
07:20:34.0693 4520 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:20:34.0694 4520 nsiproxy - ok
07:20:34.0795 4520 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:20:34.0821 4520 Ntfs - ok
07:20:34.0849 4520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:20:34.0852 4520 Null - ok
07:20:34.0881 4520 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:20:34.0885 4520 nvraid - ok
07:20:34.0905 4520 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:20:34.0923 4520 nvstor - ok
07:20:34.0964 4520 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:20:34.0968 4520 nv_agp - ok
07:20:34.0983 4520 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:20:34.0986 4520 ohci1394 - ok
07:20:35.0011 4520 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:20:35.0013 4520 Parport - ok
07:20:35.0051 4520 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:20:35.0053 4520 partmgr - ok
07:20:35.0070 4520 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:20:35.0072 4520 pci - ok
07:20:35.0089 4520 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:20:35.0091 4520 pciide - ok
07:20:35.0114 4520 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:20:35.0118 4520 pcmcia - ok
07:20:35.0136 4520 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:20:35.0137 4520 pcw - ok
07:20:35.0161 4520 PdiPorts (c65cebc504de95212232213010db9a51) C:\Windows\system32\DRIVERS\PdiPorts.sys
07:20:35.0162 4520 PdiPorts - ok
07:20:35.0208 4520 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:20:35.0215 4520 PEAUTH - ok
07:20:35.0295 4520 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:20:35.0298 4520 PptpMiniport - ok
07:20:35.0307 4520 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:20:35.0308 4520 Processor - ok
07:20:35.0360 4520 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:20:35.0362 4520 Psched - ok
07:20:35.0404 4520 PSMounter (64fb5893c11c2dbde8fe656d9dbbb1d5) C:\Windows\system32\drivers\psmounter.sys
07:20:35.0406 4520 PSMounter - ok
07:20:35.0448 4520 PSVolAcc (20ddb1375928d78f60e4f10ac280c7e9) C:\Windows\system32\drivers\PSVolAcc.sys
07:20:35.0450 4520 PSVolAcc - ok
07:20:35.0472 4520 pwdrvio (41ad0fcf47275a9bc70fa1b56bfd3e23) C:\Windows\system32\pwdrvio.sys
07:20:35.0476 4520 pwdrvio - ok
07:20:35.0505 4520 pwdspio (19cf17076f2524af6746b528584aa3c9) C:\Windows\system32\pwdspio.sys
07:20:35.0509 4520 pwdspio - ok
07:20:35.0542 4520 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:20:35.0569 4520 ql2300 - ok
07:20:35.0595 4520 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:20:35.0597 4520 ql40xx - ok
07:20:35.0613 4520 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:20:35.0616 4520 QWAVEdrv - ok
07:20:35.0633 4520 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:20:35.0635 4520 RasAcd - ok
07:20:35.0656 4520 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:20:35.0658 4520 RasAgileVpn - ok
07:20:35.0699 4520 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:20:35.0702 4520 Rasl2tp - ok
07:20:35.0738 4520 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:20:35.0740 4520 RasPppoe - ok
07:20:35.0750 4520 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:20:35.0752 4520 RasSstp - ok
07:20:35.0791 4520 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:20:35.0808 4520 rdbss - ok
07:20:35.0828 4520 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:20:35.0830 4520 rdpbus - ok
07:20:35.0849 4520 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:20:35.0851 4520 RDPCDD - ok
07:20:35.0882 4520 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:20:35.0885 4520 RDPENCDD - ok
07:20:35.0900 4520 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:20:35.0901 4520 RDPREFMP - ok
07:20:35.0962 4520 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:20:35.0965 4520 RDPWD - ok
07:20:36.0010 4520 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:20:36.0012 4520 rdyboost - ok
07:20:36.0034 4520 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:20:36.0036 4520 rspndr - ok
07:20:36.0075 4520 RTL8167 (0039de6a0a1293889a3f21ecc473263d) C:\Windows\system32\DRIVERS\Rt64win7.sys
07:20:36.0078 4520 RTL8167 - ok
07:20:36.0133 4520 RtNdPt60 (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
07:20:36.0134 4520 RtNdPt60 - ok
07:20:36.0189 4520 RTTEAMPT (3183388da27655085960a22b4b29caa9) C:\Windows\system32\DRIVERS\RtTeam60.sys
07:20:36.0191 4520 RTTEAMPT - ok
07:20:36.0206 4520 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
07:20:36.0208 4520 RTVLANPT - ok
07:20:36.0235 4520 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:20:36.0238 4520 sbp2port - ok
07:20:36.0266 4520 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:20:36.0267 4520 scfilter - ok
07:20:36.0292 4520 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:20:36.0294 4520 secdrv - ok
07:20:36.0312 4520 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:20:36.0314 4520 Serenum - ok
07:20:36.0326 4520 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:20:36.0328 4520 Serial - ok
07:20:36.0351 4520 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:20:36.0353 4520 sermouse - ok
07:20:36.0393 4520 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:20:36.0395 4520 sffdisk - ok
07:20:36.0412 4520 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:20:36.0414 4520 sffp_mmc - ok
07:20:36.0425 4520 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:20:36.0427 4520 sffp_sd - ok
07:20:36.0438 4520 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:20:36.0441 4520 sfloppy - ok
07:20:36.0462 4520 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:20:36.0479 4520 SiSRaid2 - ok
07:20:36.0494 4520 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:20:36.0496 4520 SiSRaid4 - ok
07:20:36.0522 4520 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:20:36.0525 4520 Smb - ok
07:20:36.0545 4520 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:20:36.0546 4520 spldr - ok
07:20:36.0596 4520 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:20:36.0601 4520 srv - ok
07:20:36.0676 4520 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:20:36.0681 4520 srv2 - ok
07:20:36.0694 4520 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:20:36.0697 4520 srvnet - ok
07:20:36.0711 4520 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:20:36.0713 4520 stexstor - ok
07:20:36.0743 4520 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:20:36.0743 4520 swenum - ok
07:20:36.0835 4520 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
07:20:36.0870 4520 Tcpip - ok
07:20:36.0919 4520 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
07:20:36.0930 4520 TCPIP6 - ok
07:20:36.0974 4520 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:20:36.0976 4520 tcpipreg - ok
07:20:37.0011 4520 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:20:37.0013 4520 TDPIPE - ok
07:20:37.0032 4520 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:20:37.0034 4520 TDTCP - ok
07:20:37.0072 4520 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:20:37.0086 4520 tdx - ok
07:20:37.0129 4520 TEAM (3183388da27655085960a22b4b29caa9) C:\Windows\system32\DRIVERS\RtTeam60.sys
07:20:37.0130 4520 TEAM - ok
07:20:37.0147 4520 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:20:37.0148 4520 TermDD - ok
07:20:37.0184 4520 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:20:37.0186 4520 tssecsrv - ok
07:20:37.0220 4520 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:20:37.0222 4520 TsUsbFlt - ok
07:20:37.0259 4520 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:20:37.0262 4520 tunnel - ok
07:20:37.0290 4520 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:20:37.0293 4520 uagp35 - ok
07:20:37.0332 4520 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:20:37.0336 4520 udfs - ok
07:20:37.0361 4520 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:20:37.0364 4520 uliagpkx - ok
07:20:37.0390 4520 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:20:37.0392 4520 umbus - ok
07:20:37.0407 4520 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:20:37.0409 4520 UmPass - ok
07:20:37.0433 4520 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
07:20:37.0436 4520 USBAAPL64 - ok
07:20:37.0461 4520 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
07:20:37.0464 4520 usbaudio - ok
07:20:37.0484 4520 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
07:20:37.0487 4520 usbccgp - ok
07:20:37.0511 4520 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:20:37.0514 4520 usbcir - ok
07:20:37.0533 4520 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
07:20:37.0535 4520 usbehci - ok
07:20:37.0554 4520 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:20:37.0558 4520 usbhub - ok
07:20:37.0583 4520 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
07:20:37.0586 4520 usbohci - ok
07:20:37.0602 4520 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:20:37.0605 4520 usbprint - ok
07:20:37.0634 4520 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:20:37.0636 4520 usbscan - ok
07:20:37.0666 4520 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:20:37.0667 4520 USBSTOR - ok
07:20:37.0695 4520 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
07:20:37.0697 4520 usbuhci - ok
07:20:37.0730 4520 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
07:20:37.0733 4520 usbvideo - ok
07:20:37.0751 4520 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:20:37.0752 4520 vdrvroot - ok
07:20:37.0772 4520 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:20:37.0774 4520 vga - ok
07:20:37.0789 4520 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:20:37.0791 4520 VgaSave - ok
07:20:37.0811 4520 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:20:37.0814 4520 vhdmp - ok
07:20:37.0842 4520 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:20:37.0852 4520 viaide - ok
07:20:37.0918 4520 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:20:37.0931 4520 volmgr - ok
07:20:38.0054 4520 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:20:38.0064 4520 volmgrx - ok
07:20:38.0114 4520 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:20:38.0117 4520 volsnap - ok
07:20:38.0153 4520 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:20:38.0157 4520 vsmraid - ok
07:20:38.0176 4520 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:20:38.0179 4520 vwifibus - ok
07:20:38.0199 4520 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:20:38.0201 4520 WacomPen - ok
07:20:38.0267 4520 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:20:38.0270 4520 WANARP - ok
07:20:38.0274 4520 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:20:38.0275 4520 Wanarpv6 - ok
07:20:38.0349 4520 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:20:38.0356 4520 Wd - ok
07:20:38.0399 4520 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:20:38.0406 4520 Wdf01000 - ok
07:20:38.0509 4520 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:20:38.0511 4520 WfpLwf - ok
07:20:38.0526 4520 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:20:38.0528 4520 WIMMount - ok
07:20:38.0582 4520 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:20:38.0584 4520 WinUsb - ok
07:20:38.0621 4520 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:20:38.0623 4520 WmiAcpi - ok
07:20:38.0658 4520 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:20:38.0660 4520 ws2ifsl - ok
07:20:38.0715 4520 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:20:38.0718 4520 WudfPf - ok
07:20:38.0739 4520 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:20:38.0741 4520 WUDFRd - ok
07:20:38.0752 4520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
07:20:38.0756 4520 \Device\Harddisk2\DR2 - ok
07:20:38.0768 4520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:20:38.0772 4520 \Device\Harddisk0\DR0 - ok
07:20:38.0785 4520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
07:20:38.0788 4520 \Device\Harddisk1\DR1 - ok
07:20:38.0799 4520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
07:20:38.0935 4520 \Device\Harddisk3\DR3 - ok
07:20:38.0945 4520 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk8\DR8
07:20:38.0950 4520 \Device\Harddisk8\DR8 - ok
07:20:38.0953 4520 Boot (0x1200) (7610c6f12d3306a0e3b95fae498b8b7b) \Device\Harddisk2\DR2\Partition0
07:20:38.0954 4520 \Device\Harddisk2\DR2\Partition0 - ok
07:20:38.0961 4520 Boot (0x1200) (fa40fca32b11244edff23fed4f932024) \Device\Harddisk0\DR0\Partition0
07:20:38.0961 4520 \Device\Harddisk0\DR0\Partition0 - ok
07:20:38.0968 4520 Boot (0x1200) (51ad7f2e7f4b642db4510f0e09c54822) \Device\Harddisk1\DR1\Partition0
07:20:38.0969 4520 \Device\Harddisk1\DR1\Partition0 - ok
07:20:38.0971 4520 Boot (0x1200) (50f04186cec451c4deeb11c5fc3e6324) \Device\Harddisk3\DR3\Partition0
07:20:38.0972 4520 \Device\Harddisk3\DR3\Partition0 - ok
07:20:38.0973 4520 ============================================================
07:20:38.0973 4520 Scan finished
07:20:38.0973 4520 ============================================================
07:20:38.0983 3796 Detected object count: 0
07:20:38.0983 3796 Actual detected object count: 0

aswMBR Log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-01 07:28:36
-----------------------------
07:28:36.738 OS Version: Windows x64 6.1.7601 Service Pack 1
07:28:36.738 Number of processors: 4 586 0xF0B
07:28:36.739 ComputerName: PRIME UserName: Jay
07:28:42.260 Initialize success
07:28:45.258 AVAST engine defs: 11120100
07:29:53.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:29:53.807 Disk 0 Vendor: ST31000528AS CC3E Size: 953868MB BusType: 3
07:29:53.811 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
07:29:53.813 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476938MB BusType: 3
07:29:53.819 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-3
07:29:53.822 Disk 2 Vendor: WDC_WD1200AB-00DYA0 15.05R15 Size: 114472MB BusType: 3
07:29:53.826 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-5
07:29:53.829 Disk 3 Vendor: MAXTOR_STM3200820AS 3.AAE Size: 190782MB BusType: 3
07:29:53.850 Disk 0 MBR read successfully
07:29:53.854 Disk 0 MBR scan
07:29:53.858 Disk 0 Windows 7 default MBR code
07:29:53.862 Service scanning
07:29:55.186 Modules scanning
07:29:55.191 Scan finished successfully
07:30:12.632 Disk 0 MBR has been saved successfully to "C:\Users\Jay\Desktop\MBR.dat"
07:30:12.637 The log file has been saved successfully to "C:\Users\Jay\Desktop\aswMBR.txt"


OTL Logs (Both)

OTL logfile created on: 12/1/2011 7:51:28 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.03% Memory free
8.00 Gb Paging File | 6.67 Gb Available in Paging File | 83.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 602.02 Gb Free Space | 64.63% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 47.80 Gb Free Space | 42.76% Space Free | Partition Type: NTFS
Drive E: | 186.31 Gb Total Space | 23.49 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 1510.18 Gb Free Space | 54.04% Space Free | Partition Type: NTFS
Drive G: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 81.72 Gb Free Space | 17.54% Space Free | Partition Type: NTFS

Computer Name: PRIME | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jay\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Dyn Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSVolAcc) -- C:\Windows\SysNative\drivers\PSVolAcc.sys (Paramount Software UK Ltd)
DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB 8E 32 20 82 A1 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 12:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/29 08:59:55 | 000,000,000 | ---D | M]

[2010/12/26 23:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions
[2011/11/08 20:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions
[2011/11/08 20:01:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/07/18 22:20:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\[email protected]
[2011/11/09 12:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/14 10:25:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 12:07:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 12:07:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/01 06:53:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: NameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 16:57:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/13 06:43:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 07:27:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2011/12/01 07:19:01 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jay\Desktop\tdsskiller.exe
[2011/12/01 07:14:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/01 07:10:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/01 06:44:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/01 06:44:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/01 06:44:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/01 06:44:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/01 06:43:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 06:40:41 | 004,323,152 | R--- | C] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2011/12/01 06:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware1
[2011/12/01 06:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1
[2011/12/01 06:02:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/30 23:17:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2011/11/30 22:55:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Malwarebytes
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/30 22:55:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/30 22:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/30 22:50:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/30 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{F0E9DF61-5ABC-44DC-9222-937EAC1489AD}
[2011/11/30 22:38:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{2A14D6E6-1245-4463-A259-B9950B8DC325}
[2011/11/30 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{42825DC6-B56B-4D2D-B016-524694F6A89C}
[2011/11/30 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D9A41216-AEAA-4DC8-9DD9-362316F53C3E}
[2011/11/29 21:31:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BB7B0A82-D782-478C-AD6E-0FBD9A5EED98}
[2011/11/29 21:31:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{B1160FC8-5EB2-49A6-B5C0-0DFEB1C92B4E}
[2011/11/29 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BF4AA9D0-70D2-4FD0-8249-DF831E6F90B9}
[2011/11/29 09:30:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BE720F7D-B9AE-471B-81AF-8096E9FE8F58}
[2011/11/28 20:34:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{EEE0C7C1-8E01-4A04-A93A-CC24D40DFB1E}
[2011/11/28 20:34:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{F88C8BF9-CB7A-46C6-BACC-86D11F746136}
[2011/11/28 17:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011/11/28 17:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/11/28 17:03:44 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Origin
[2011/11/28 17:03:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Origin
[2011/11/28 16:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/11/28 16:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/11/28 16:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/11/28 16:47:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Electronic Arts
[2011/11/28 16:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/11/28 16:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/11/28 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/11/28 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Crysis 2
[2011/11/28 08:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/28 08:34:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{1AC7AE94-F6CB-412B-A55C-E39F15A9DC2A}
[2011/11/28 08:34:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BA25C3EA-1E18-4ECD-B93B-7BEC53049F55}
[2011/11/20 05:14:52 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6EFE84F7-D8FE-43AC-AD9C-E77DA74BE52A}
[2011/11/20 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3986798F-6EF3-4673-A5C2-FB960141DDDE}
[2011/11/19 16:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{81A3F7B8-0031-420A-BCF4-AD936A66D7FB}
[2011/11/19 16:16:56 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BAB5F41E-79D2-4401-A324-EF36BA6A9D7E}
[2011/11/19 10:31:07 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3F3B0314-589E-4B64-84F9-A37467B126CE}
[2011/11/19 09:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/18 22:14:24 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{33A07DA5-8EEE-4B2F-8469-E7DCF4DC21AC}
[2011/11/18 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{B5E9DE64-5E5E-4E6D-806D-5FF49C43745D}
[2011/11/18 06:28:05 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{50E2DAB0-0109-4653-ADEC-FE18920E96E2}
[2011/11/18 06:27:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{0DFEEFA3-5F56-491B-BC38-8CC4A90C9461}
[2011/11/18 06:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{EFCEF8D6-1037-4482-A697-4F4B1BC9069D}
[2011/11/18 06:26:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4D97116E-7513-4F35-B6A9-150DE2198D0D}
[2011/11/17 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{DD9AB8BB-42DD-4299-A724-41BF61479ACE}
[2011/11/17 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3D142A56-3C76-4276-A26D-B2782809C65B}
[2011/11/16 21:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{47950B38-3585-4D83-8B6D-7B93177D5A56}
[2011/11/16 21:48:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3A0A8A1D-79CB-4799-A7CA-1E89B32E58D1}
[2011/11/16 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2011/11/16 21:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJScan
[2011/11/16 21:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Canon
[2011/11/16 09:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{84770B8C-24A5-45DE-B09E-F80756930EC0}
[2011/11/16 09:06:49 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{1E3C4AD5-9E15-4ECA-B275-9F4A8DDDED92}
[2011/11/15 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3E4CDFE7-E54F-4CEF-8580-0D223D16B3E1}
[2011/11/15 22:19:32 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{03AE7F9E-B7A7-4DB0-AB03-DD411BC709AB}
[2011/11/15 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D90C07AE-DDBF-4283-99F7-4EC4382D5BA4}
[2011/11/15 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{19C09E64-A3EF-4080-BCC3-017A258904E7}
[2011/11/14 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D32EEA65-988D-4315-86DB-9EA3AEF957F7}
[2011/11/14 11:08:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D140BCD2-FD48-468F-AACF-C492EC1EA91A}
[2011/11/13 16:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 16:34:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{19BA5560-5348-411B-A5C7-C5B2936F59D4}
[2011/11/13 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4942DEEF-6D28-4DEC-87CA-1C7BC53E3BA2}
[2011/11/13 00:06:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D407A41D-D56C-4866-9B39-1CFC0568A1A8}
[2011/11/12 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{60C46267-AF21-4E8D-9650-53D2255936B3}
[2011/11/12 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{56E4AB09-AD80-4F00-92D9-4BB34BE545A5}
[2011/11/11 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{931E0DA8-EAF6-41DB-8A23-251CE2319F4C}
[2011/11/11 20:09:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3EB99FCF-7DE7-4F34-8419-6BDA0ADECD56}
[2011/11/11 08:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/11 08:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/11 08:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/11 06:56:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3052CE44-6977-4148-A243-F902A83A6592}
[2011/11/11 06:55:42 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{5C9A7237-419F-458C-B9C2-CDDCCDE60CF4}
[2011/11/10 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{CD4B9C4B-B339-4B1C-BEFE-39BB7A4DFA82}
[2011/11/10 09:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{20B09596-6566-4BCE-B6B4-22C8011BE364}
[2011/11/09 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{42B8D87A-AB75-410B-8C1D-96D2AB128662}
[2011/11/09 20:43:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{7A1A8166-CC46-4555-BDEA-B57C47DBA219}
[2011/11/09 07:29:07 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6412DECD-3C2F-4DCC-8BEB-03E0DF20A223}
[2011/11/09 07:28:51 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6AABA6F7-FF17-4DC9-AB0B-E43EAF840829}
[2011/11/08 08:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{FC3DB47D-4466-4ECB-BD76-18E860A92859}
[2011/11/08 08:43:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6ADADD52-1253-4AEA-8D07-762504907D4A}
[2011/11/07 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{06D78708-4CB2-402D-8EB2-90E125EA17A8}
[2011/11/07 17:52:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{03C08947-06A7-4F5A-9980-720CD6D85352}
[2011/11/07 08:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder x64
[2011/11/07 08:06:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Broad Intelligence
[2011/11/07 08:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011/11/07 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{CA185D45-470F-4EF2-84DB-F1A346D97236}
[2011/11/07 05:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4905633C-C0F8-497D-80BE-DBE2C9C97D82}
[2011/11/06 17:06:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{37161634-09C4-46F2-8D25-1BB10CC0B522}
[2011/11/06 17:06:05 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{C167E620-E431-4085-845C-DCC8E3AD4339}
[2011/11/05 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\Square Enix
[2011/11/05 17:25:13 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{26136E2F-3324-4BBC-918E-603CB4520BCA}
[2011/11/05 17:24:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{74B6D748-44A1-4CAC-9227-C9B348393FBE}
[2011/11/05 04:35:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{C7ADC67A-ADE4-450C-869C-4DFACDCF7902}
[2011/11/05 04:34:47 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3A3486BD-94D8-4D35-8EA8-01A1E6D9244F}
[2011/11/04 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{DFDB9FB4-74EA-436A-9A02-8073917EB1A3}
[2011/11/04 10:18:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{41289C0C-E0CB-4179-BEFE-8C60728E923F}
[2011/11/03 14:37:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{9B6A9D13-E109-4A04-8213-E583ACDD3379}
[2011/11/03 14:37:22 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{381B2BA2-BEF4-4134-AC52-15C6A00AF69A}
[2011/11/03 08:39:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{420129E8-F140-4386-8D10-C00B7AE219D8}
[2011/11/02 11:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{E5D0637A-25DD-4D01-A90E-7B1E58C053F6}
[2011/11/02 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4A5D2F89-C837-4968-B42A-AD9D1EC07E6B}
[2011/11/01 09:58:55 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{14CC6040-12FD-41D3-95AB-63F3290506E1}
[2011/11/01 09:58:30 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{0DB95E79-E986-4602-8CB6-8EFA8956C54A}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 07:55:26 | 000,733,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/01 07:55:26 | 000,629,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/01 07:55:26 | 000,108,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/01 07:49:29 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 07:49:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 07:49:00 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 07:45:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 07:30:12 | 000,000,512 | ---- | M] () -- C:\Users\Jay\Desktop\MBR.dat
[2011/12/01 07:28:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2011/12/01 07:23:51 | 000,019,648 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 07:23:51 | 000,019,648 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 07:19:22 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jay\Desktop\tdsskiller.exe
[2011/12/01 06:53:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/01 06:40:52 | 004,323,152 | R--- | M] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2011/12/01 06:23:42 | 000,001,151 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:23:42 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:09:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2011/11/30 22:43:26 | 000,000,216 | ---- | M] () -- C:\ProgramData\~Zc6H7VtzeaqmlYr
[2011/11/30 22:40:12 | 000,000,312 | ---- | M] () -- C:\ProgramData\~Zc6H7VtzeaqmlY
[2011/11/30 17:10:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/30 17:09:32 | 000,000,456 | ---- | M] () -- C:\ProgramData\Zc6H7VtzeaqmlY
[2011/11/30 08:42:15 | 000,001,593 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 12:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/28 08:46:57 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/28 08:35:20 | 000,001,071 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
[2011/11/19 09:49:52 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/13 16:54:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/09 12:13:59 | 000,002,059 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 07:43:40 | 000,185,234 | ---- | M] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/09 07:28:05 | 000,309,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 12:01:37 | 000,251,182 | ---- | M] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/07 05:52:35 | 000,010,240 | ---- | M] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 19:06:58 | 000,020,460 | ---- | M] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 07:30:12 | 000,000,512 | ---- | C] () -- C:\Users\Jay\Desktop\MBR.dat
[2011/12/01 06:48:47 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2011/12/01 06:48:47 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
[2011/12/01 06:48:41 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/01 06:48:41 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/12/01 06:48:41 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/12/01 06:48:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/01 06:48:41 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/01 06:48:41 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011/12/01 06:48:41 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/01 06:48:41 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/12/01 06:48:41 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/01 06:48:41 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/12/01 06:48:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/01 06:48:41 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/01 06:48:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/01 06:48:41 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/01 06:48:41 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/01 06:48:41 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/01 06:48:41 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/01 06:48:40 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/01 06:48:40 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/12/01 06:48:40 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/01 06:48:40 | 000,002,365 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX880 series On-screen Manual.lnk
[2011/12/01 06:48:40 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/12/01 06:48:40 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011/12/01 06:48:40 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2011/12/01 06:48:40 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/01 06:48:40 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/01 06:48:40 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/01 06:48:40 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/01 06:48:40 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011/12/01 06:48:40 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.0.lnk
[2011/12/01 06:48:40 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2011/12/01 06:48:40 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/12/01 06:44:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 06:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 06:44:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 06:44:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 06:44:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/01 06:23:42 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:55:18 | 000,001,151 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:43:26 | 000,000,216 | ---- | C] () -- C:\ProgramData\~Zc6H7VtzeaqmlYr
[2011/11/30 22:39:03 | 000,000,312 | ---- | C] () -- C:\ProgramData\~Zc6H7VtzeaqmlY
[2011/11/30 17:08:23 | 000,000,456 | ---- | C] () -- C:\ProgramData\Zc6H7VtzeaqmlY
[2011/11/30 08:24:39 | 000,001,593 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/09 07:43:40 | 000,185,234 | ---- | C] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/07 12:02:02 | 000,251,182 | ---- | C] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/06 19:06:56 | 000,020,460 | ---- | C] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/05 11:46:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/01 17:43:11 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/31 12:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/07/19 13:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 13:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/07/19 13:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/07/19 13:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/07/19 13:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/07/19 13:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/07/19 13:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/19 13:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/07/19 13:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/07/19 13:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/30 07:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 01:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/23 22:50:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/23 09:54:07 | 000,782,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 05:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 05:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 05:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 05:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 05:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 05:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 05:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 05:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 05:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 05:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 05:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 05:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 05:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/01/05 15:28:19 | 000,007,597 | ---- | C] () -- C:\Users\Jay\AppData\Local\resmon.resmoncfg
[2010/12/31 20:58:15 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/12/29 15:28:31 | 000,010,240 | ---- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:00:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/27 17:00:17 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/27 17:00:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/27 10:19:32 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/18 13:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/08/11 15:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006/03/03 22:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >

OTL Extras log

OTL Extras logfile created on: 12/1/2011 7:51:28 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.03% Memory free
8.00 Gb Paging File | 6.67 Gb Available in Paging File | 83.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 602.02 Gb Free Space | 64.63% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 47.80 Gb Free Space | 42.76% Space Free | Partition Type: NTFS
Drive E: | 186.31 Gb Total Space | 23.49 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 1510.18 Gb Free Space | 54.04% Space Free | Partition Type: NTFS
Drive G: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 81.72 Gb Free Space | 17.54% Space Free | Partition Type: NTFS

Computer Name: PRIME | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6681A016-C62A-DD7B-7F56-25B1A55CE12A}" = AMD Media Foundation Decoders
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{BAC8EFD5-602B-4EF6-91DD-F9AD7C83284E}" = Macrium Reflect - Free Edition
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"MediaCoder x64" = MediaCoder x64 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = Catalyst Control Center
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 2.9.0
"{5B7F33B3-C72C-4408-8AF9-B855775F51DB}" = Picasa Web Albums Live Publisher
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{64B408B8-068B-4EE0-B16C-658A24E75B8B}" = [email protected] UNDELETE
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MX880 series User Registration" = Canon MX880 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DVD Shrink_is1" = DVD Shrink 3.2
"DynUpdater" = Dyn Updater
"EasyBCD" = EasyBCD 2.0
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FLV Player2.0.25" = FLV Player
"ImgBurn" = ImgBurn
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Monster Truck Madness 2.00Trial" = Microsoft Monster Truck Madness 2 Trial
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Origin" = Origin
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"SmartVoip_is1" = SmartVoip
"Speed Dial Utility" = Canon Speed Dial Utility
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 33320" = Prince of Persia: The Forgotten Sands
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42670" = Singularity
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"TurboTax 2010" = TurboTax 2010
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.3.0
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.2
"WinX Free MP4 to MPEG Converter_is1" = WinX Free MP4 to MPEG Converter 4.1.11
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.10.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UGX Cabin" = UGX Cabin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2011 12:37:36 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/1/2011 7:53:04 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/1/2011 8:01:34 AM | Computer Name = PRIME | Source = Application Hang | ID = 1002
Description = The program OTL(1).exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 6e8 Start Time:
01ccb020ab3a73fd Termination Time: 3 Application Path: C:\Users\Jay\Downloads\OTL(1).exe

Report
Id: 2fd2163d-1c14-11e1-a637-001d7da4a36a

Error - 12/1/2011 8:02:31 AM | Computer Name = PRIME | Source = Application Error | ID = 1000
Description = Faulting application name: lsm.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7abf0 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x0000000000020a4a Faulting
process id: 0x278 Faulting application start time: 0x01ccb01fa77ddeba Faulting application
path: C:\Windows\system32\lsm.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 58878534-1c14-11e1-a637-001d7da4a36a

Error - 12/1/2011 8:02:33 AM | Computer Name = PRIME | Source = Wininit | ID = 1015
Description = A critical system process, C:\Windows\system32\lsm.exe, failed with
status code 255. The machine must now be restarted.

Error - 12/1/2011 8:05:15 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/1/2011 8:09:54 AM | Computer Name = PRIME | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x0000000000020a4a Faulting
process id: 0x28c Faulting application start time: 0x01ccb021cc23cc52 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 606d063a-1c15-11e1-afe9-001d7da4a36a

Error - 12/1/2011 8:30:47 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/1/2011 8:54:02 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/1/2011 9:17:03 AM | Computer Name = PRIME | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 7/25/2011 12:17:24 PM | Computer Name = PRIME | Source = MCUpdate | ID = 0
Description = 11:17:24 AM - Error connecting to the internet. 11:17:24 AM - Unable
to contact server..

Error - 7/25/2011 12:17:33 PM | Computer Name = PRIME | Source = MCUpdate | ID = 0
Description = 11:17:29 AM - Error connecting to the internet. 11:17:29 AM - Unable
to contact server..

Error - 8/2/2011 9:39:52 AM | Computer Name = PRIME | Source = MCUpdate | ID = 0
Description = 8:39:45 AM - Error connecting to the internet. 8:39:45 AM - Unable
to contact server..

Error - 9/27/2011 2:25:51 PM | Computer Name = PRIME | Source = MCUpdate | ID = 0
Description = 1:25:51 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 12/1/2011 8:21:30 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/1/2011 8:23:25 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/1/2011 8:23:25 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/1/2011 8:23:25 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/1/2011 8:28:25 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/1/2011 8:28:25 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/1/2011 8:28:25 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/1/2011 8:48:49 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/1/2011 8:51:35 AM | Computer Name = PRIME | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/1/2011 8:52:16 AM | Computer Name = PRIME | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\ProgramData\~Zc6H7VtzeaqmlYr
C:\ProgramData\~Zc6H7VtzeaqmlY
C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
C:\Users\Jay\Desktop\System Fix.lnk
C:\ProgramData\Zc6H7VtzeaqmlY
C:\ProgramData\Zc6H7VtzeaqmlY.exe
C:\ProgramData\UEthGOiLbV.exe
C:\Windows\SysWow64\config.nt

RootKit::
C:\ProgramData\~Zc6H7VtzeaqmlYr
C:\ProgramData\~Zc6H7VtzeaqmlY
C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
C:\Users\Jay\Desktop\System Fix.lnk
C:\ProgramData\Zc6H7VtzeaqmlY
C:\ProgramData\Zc6H7VtzeaqmlY.exe
C:\ProgramData\UEthGOiLbV.exe
C:\Windows\SysWow64\config.nt


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.




Copy the text in the code box by highlighting and Ctrl + c

/md5start
wmplayer.exe
wmploc.DLL
srvsvc.dll
srv.sys
srv2.sys
srvnet.sys
netevent.dll
pcouffin.sys
spldr.sys
/md5stop

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Run OTL again, Quickscan and post the log.
  • 0

#5
jchitrav

jchitrav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron,

On the OTL section of your previous post, is it RUN SCAN or RUN FIX .
I'm now running the COMBOFIX with the CFSCRIPT you provided will do the OTL once you confirm.

Regards
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
RUN SCAN

I'm just asking it to calculate the MD5 checksums for all copies of all files on the list. Not changing anything.
  • 0

#7
jchitrav

jchitrav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Ron,

I'm attaching the following

a) The combofix log for the CFSCRIPT you provided
b) OTL scan from RUN SCAN per your MD5 script (After RUN SCAN system did not reboot so I just did it manually once)
c) OTL scan from QUICK SCAN

Please advise

COMBOFIX Log with CFSCRIPT

ComboFix 11-12-01.01 - Jay 12/01/2011 12:00:53.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2460 [GMT -6:00]
Running from: c:\users\Jay\Desktop\ComboFix.exe
Command switches used :: c:\users\Jay\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\~Zc6H7VtzeaqmlY"
"c:\programdata\~Zc6H7VtzeaqmlYr"
"c:\programdata\UEthGOiLbV.exe"
"c:\programdata\Zc6H7VtzeaqmlY"
"c:\programdata\Zc6H7VtzeaqmlY.exe"
"c:\users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk"
"c:\users\Jay\Desktop\System Fix.lnk"
"c:\windows\SysWow64\config.nt"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~Zc6H7VtzeaqmlY
c:\programdata\~Zc6H7VtzeaqmlYr
c:\programdata\Zc6H7VtzeaqmlY
c:\windows\SysWow64\config.nt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 18:07 . 2011-12-01 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-01 12:02 . 2011-12-01 12:02 -------- d-----w- C:\_OTL
2011-12-01 04:55 . 2011-12-01 04:55 -------- d-----w- c:\users\Jay\AppData\Roaming\Malwarebytes
2011-12-01 04:55 . 2011-12-01 04:55 -------- d-----w- c:\programdata\Malwarebytes
2011-12-01 04:55 . 2011-12-01 04:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-01 04:55 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 04:50 . 2011-12-01 04:50 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-29 15:34 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57433093-898C-4F10-97C6-552AEA342B9A}\mpengine.dll
2011-11-28 23:20 . 2011-11-28 23:21 -------- d-----w- c:\programdata\Solidshield
2011-11-28 23:14 . 2011-11-28 23:14 -------- d-----w- c:\programdata\EA Core
2011-11-28 23:03 . 2011-11-28 23:11 -------- d-----w- c:\users\Jay\AppData\Roaming\Origin
2011-11-28 23:03 . 2011-11-28 23:03 -------- d-----w- c:\users\Jay\AppData\Local\Origin
2011-11-28 22:58 . 2011-11-28 22:58 -------- d-----w- c:\program files (x86)\Origin Games
2011-11-28 22:57 . 2011-11-28 22:58 -------- d-----w- c:\program files (x86)\Origin
2011-11-28 22:47 . 2011-11-28 22:47 -------- d-----w- c:\users\Jay\AppData\Local\Electronic Arts
2011-11-28 22:46 . 2011-11-28 23:11 -------- d-----w- c:\programdata\Origin
2011-11-28 22:46 . 2011-11-28 23:03 -------- d-----w- c:\programdata\Electronic Arts
2011-11-28 22:35 . 2011-11-28 22:57 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-11-19 15:49 . 2011-11-19 15:49 -------- d-----w- c:\program files\iTunes
2011-11-19 15:49 . 2011-11-19 15:49 -------- d-----w- c:\program files (x86)\iTunes
2011-11-19 15:49 . 2011-11-19 15:49 -------- d-----w- c:\program files\iPod
2011-11-17 03:12 . 2011-11-17 03:12 -------- d-----w- c:\programdata\CanonIJ
2011-11-17 03:10 . 2011-11-28 18:06 -------- d-----w- c:\users\Jay\AppData\Roaming\Canon
2011-11-13 22:54 . 2011-11-13 22:54 -------- d-----w- c:\windows\system32\Macromed
2011-11-11 14:08 . 2011-11-11 14:08 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-11 14:08 . 2011-11-11 14:08 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-11 14:08 . 2011-11-11 14:08 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-11-11 14:05 . 2011-11-11 14:05 -------- d-----w- c:\programdata\ATI
2011-11-08 22:53 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 22:53 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 22:53 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 22:53 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 14:06 . 2011-11-07 14:06 -------- d-----w- c:\users\Jay\AppData\Roaming\Broad Intelligence
2011-11-07 14:06 . 2011-11-07 14:07 -------- d-----w- c:\program files\MediaCoder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-12-27 11:09 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-12-27 11:09 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-01-19 19:06 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-01 15:24 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-12-27 11:10 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-12-27 11:10 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-12-27 11:10 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-12-27 11:10 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-12-27 11:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-13 22:54 . 2011-05-18 14:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-12 22:16 . 2011-10-12 22:16 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-12 22:16 . 2011-10-12 22:16 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-12 22:16 . 2011-10-12 22:16 16787456 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-12 22:15 . 2011-10-12 22:15 13753856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-12 22:14 . 2011-10-12 22:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-12 22:14 . 2011-10-12 22:14 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-12 20:56 . 2011-10-12 20:56 10207232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-12 20:20 . 2011-10-12 20:20 24629760 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-12 20:14 . 2011-10-12 20:14 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-12 20:13 . 2011-03-09 04:55 867328 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-12 20:10 . 2011-01-26 22:56 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-12 20:10 . 2011-10-12 20:10 487936 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-12 20:08 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-12 20:08 . 2011-03-09 04:51 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-12 20:04 . 2011-10-12 20:04 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-12 19:54 . 2011-03-09 04:40 4960768 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-12 19:46 . 2011-10-12 19:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-12 19:45 . 2011-10-12 19:45 9877504 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-12 19:44 . 2011-10-12 19:44 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-12 19:44 . 2011-10-12 19:44 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-12 19:44 . 2011-10-12 19:44 4023296 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-12 19:39 . 2010-10-27 08:15 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-12 19:38 . 2011-10-12 19:38 5431808 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-12 19:33 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-12 19:31 . 2011-01-26 22:14 479744 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-12 19:31 . 2011-03-09 04:18 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-12 19:31 . 2011-10-12 19:31 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:29 . 2011-03-09 04:17 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-12 19:29 . 2011-10-12 19:29 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-12 19:29 . 2011-10-12 19:29 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-12 19:29 . 2011-10-12 19:29 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-09-27 19:26 . 2010-12-27 21:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_12.54.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-12-01 17:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-01 12:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-01 12:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 17:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-01 12:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 17:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-27 09:18 . 2011-12-01 14:46 47680 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-01 14:46 29868 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-27 05:24 . 2011-12-01 14:46 11632 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-334483819-3346264946-483841804-1001_UserData.bin
- 2010-12-27 04:13 . 2011-12-01 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 04:13 . 2011-12-01 16:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 04:13 . 2011-12-01 16:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-27 04:13 . 2011-12-01 12:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-01 12:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 16:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-12-01 14:47 91408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-12-01 12:53 . 2011-12-01 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-01 18:08 . 2011-12-01 18:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-01 18:08 . 2011-12-01 18:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-01 12:53 . 2011-12-01 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-12-01 12:34 629248 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-01 14:50 629248 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-01 14:50 108896 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-01 12:34 108896 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-12-01 12:52 299784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-01 18:07 299784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2011-12-01 14:47 7151238 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-11 14:16 7151238 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-21 13:58 . 2011-12-01 14:43 9674048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-334483819-3346264946-483841804-1001-12288.dat
+ 2011-12-01 14:42 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
+ 2009-07-14 02:34 . 2011-12-01 14:43 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-11-11 14:11 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-12-01 14:42 . 2011-08-30 05:25 14173184 c:\windows\system32\shell32.dll
+ 2010-12-28 05:40 . 2011-12-01 18:07 54458496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-334483819-3346264946-483841804-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dyn Updater Tray Icon.lnk - c:\program files (x86)\DynDNS Updater\DynTray.exe [2011-11-15 78192]
TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2010-12-29 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [x]
R3 PSVolAcc;PSVolAcc; [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Dyn Updater;Dyn Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe [2011-08-31 366152]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 301024]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 16:15]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 16:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: NameServer = 192.168.11.1
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\2dj36vjb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-334483819-3346264946-483841804-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-334483819-3346264946-483841804-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-12-01 12:12:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 18:12
ComboFix2.txt 2011-12-01 13:10
.
Pre-Run: 642,932,936,704 bytes free
Post-Run: 642,865,651,712 bytes free
.
- - End Of File - - DD83B148C8BF008D58A6967EDFAA748B

OTL RUN SCAN Log with the MD5

OTL logfile created on: 12/1/2011 12:19:57 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.29% Memory free
8.00 Gb Paging File | 6.27 Gb Available in Paging File | 78.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 598.81 Gb Free Space | 64.28% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 47.80 Gb Free Space | 42.76% Space Free | Partition Type: NTFS
Drive E: | 186.31 Gb Total Space | 23.49 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 1510.18 Gb Free Space | 54.04% Space Free | Partition Type: NTFS
Drive G: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 81.72 Gb Free Space | 17.54% Space Free | Partition Type: NTFS

Computer Name: PRIME | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jay\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Dyn Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSVolAcc) -- C:\Windows\SysNative\drivers\PSVolAcc.sys (Paramount Software UK Ltd)
DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 1D E8 30 35 B0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 12:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/29 08:59:55 | 000,000,000 | ---D | M]

[2010/12/26 23:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions
[2011/11/08 20:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions
[2011/11/08 20:01:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/07/18 22:20:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\[email protected]
[2011/11/09 12:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/14 10:25:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 12:07:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 12:07:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/01 12:08:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: NameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 16:57:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/13 06:43:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 12:15:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/01 08:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/01 07:27:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2011/12/01 07:19:01 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jay\Desktop\tdsskiller.exe
[2011/12/01 07:10:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/01 06:44:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/01 06:44:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/01 06:44:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/01 06:44:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/01 06:43:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 06:40:41 | 004,323,152 | R--- | C] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2011/12/01 06:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware1
[2011/12/01 06:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1
[2011/12/01 06:02:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/30 23:17:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2011/11/30 22:55:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Malwarebytes
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/30 22:55:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/30 22:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/30 22:50:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/30 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{F0E9DF61-5ABC-44DC-9222-937EAC1489AD}
[2011/11/30 22:38:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{2A14D6E6-1245-4463-A259-B9950B8DC325}
[2011/11/30 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{42825DC6-B56B-4D2D-B016-524694F6A89C}
[2011/11/30 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D9A41216-AEAA-4DC8-9DD9-362316F53C3E}
[2011/11/29 21:31:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BB7B0A82-D782-478C-AD6E-0FBD9A5EED98}
[2011/11/29 21:31:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{B1160FC8-5EB2-49A6-B5C0-0DFEB1C92B4E}
[2011/11/29 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BF4AA9D0-70D2-4FD0-8249-DF831E6F90B9}
[2011/11/29 09:30:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BE720F7D-B9AE-471B-81AF-8096E9FE8F58}
[2011/11/28 20:34:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{EEE0C7C1-8E01-4A04-A93A-CC24D40DFB1E}
[2011/11/28 20:34:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{F88C8BF9-CB7A-46C6-BACC-86D11F746136}
[2011/11/28 17:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011/11/28 17:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/11/28 17:03:44 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Origin
[2011/11/28 17:03:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Origin
[2011/11/28 16:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/11/28 16:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/11/28 16:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/11/28 16:47:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Electronic Arts
[2011/11/28 16:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/11/28 16:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/11/28 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/11/28 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Crysis 2
[2011/11/28 08:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/28 08:34:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{1AC7AE94-F6CB-412B-A55C-E39F15A9DC2A}
[2011/11/28 08:34:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BA25C3EA-1E18-4ECD-B93B-7BEC53049F55}
[2011/11/20 05:14:52 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6EFE84F7-D8FE-43AC-AD9C-E77DA74BE52A}
[2011/11/20 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3986798F-6EF3-4673-A5C2-FB960141DDDE}
[2011/11/19 16:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{81A3F7B8-0031-420A-BCF4-AD936A66D7FB}
[2011/11/19 16:16:56 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BAB5F41E-79D2-4401-A324-EF36BA6A9D7E}
[2011/11/19 10:31:07 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3F3B0314-589E-4B64-84F9-A37467B126CE}
[2011/11/19 09:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/18 22:14:24 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{33A07DA5-8EEE-4B2F-8469-E7DCF4DC21AC}
[2011/11/18 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{B5E9DE64-5E5E-4E6D-806D-5FF49C43745D}
[2011/11/18 06:28:05 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{50E2DAB0-0109-4653-ADEC-FE18920E96E2}
[2011/11/18 06:27:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{0DFEEFA3-5F56-491B-BC38-8CC4A90C9461}
[2011/11/18 06:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{EFCEF8D6-1037-4482-A697-4F4B1BC9069D}
[2011/11/18 06:26:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4D97116E-7513-4F35-B6A9-150DE2198D0D}
[2011/11/17 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{DD9AB8BB-42DD-4299-A724-41BF61479ACE}
[2011/11/17 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3D142A56-3C76-4276-A26D-B2782809C65B}
[2011/11/16 21:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{47950B38-3585-4D83-8B6D-7B93177D5A56}
[2011/11/16 21:48:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3A0A8A1D-79CB-4799-A7CA-1E89B32E58D1}
[2011/11/16 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2011/11/16 21:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJScan
[2011/11/16 21:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Canon
[2011/11/16 09:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{84770B8C-24A5-45DE-B09E-F80756930EC0}
[2011/11/16 09:06:49 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{1E3C4AD5-9E15-4ECA-B275-9F4A8DDDED92}
[2011/11/15 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3E4CDFE7-E54F-4CEF-8580-0D223D16B3E1}
[2011/11/15 22:19:32 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{03AE7F9E-B7A7-4DB0-AB03-DD411BC709AB}
[2011/11/15 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D90C07AE-DDBF-4283-99F7-4EC4382D5BA4}
[2011/11/15 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{19C09E64-A3EF-4080-BCC3-017A258904E7}
[2011/11/14 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D32EEA65-988D-4315-86DB-9EA3AEF957F7}
[2011/11/14 11:08:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D140BCD2-FD48-468F-AACF-C492EC1EA91A}
[2011/11/13 16:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 16:34:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{19BA5560-5348-411B-A5C7-C5B2936F59D4}
[2011/11/13 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4942DEEF-6D28-4DEC-87CA-1C7BC53E3BA2}
[2011/11/13 00:06:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D407A41D-D56C-4866-9B39-1CFC0568A1A8}
[2011/11/12 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{60C46267-AF21-4E8D-9650-53D2255936B3}
[2011/11/12 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{56E4AB09-AD80-4F00-92D9-4BB34BE545A5}
[2011/11/11 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{931E0DA8-EAF6-41DB-8A23-251CE2319F4C}
[2011/11/11 20:09:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3EB99FCF-7DE7-4F34-8419-6BDA0ADECD56}
[2011/11/11 08:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/11 08:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/11 08:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/11 06:56:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3052CE44-6977-4148-A243-F902A83A6592}
[2011/11/11 06:55:42 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{5C9A7237-419F-458C-B9C2-CDDCCDE60CF4}
[2011/11/10 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{CD4B9C4B-B339-4B1C-BEFE-39BB7A4DFA82}
[2011/11/10 09:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{20B09596-6566-4BCE-B6B4-22C8011BE364}
[2011/11/09 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{42B8D87A-AB75-410B-8C1D-96D2AB128662}
[2011/11/09 20:43:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{7A1A8166-CC46-4555-BDEA-B57C47DBA219}
[2011/11/09 07:29:07 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6412DECD-3C2F-4DCC-8BEB-03E0DF20A223}
[2011/11/09 07:28:51 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6AABA6F7-FF17-4DC9-AB0B-E43EAF840829}
[2011/11/08 08:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{FC3DB47D-4466-4ECB-BD76-18E860A92859}
[2011/11/08 08:43:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6ADADD52-1253-4AEA-8D07-762504907D4A}
[2011/11/07 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{06D78708-4CB2-402D-8EB2-90E125EA17A8}
[2011/11/07 17:52:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{03C08947-06A7-4F5A-9980-720CD6D85352}
[2011/11/07 08:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder x64
[2011/11/07 08:06:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Broad Intelligence
[2011/11/07 08:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011/11/07 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{CA185D45-470F-4EF2-84DB-F1A346D97236}
[2011/11/07 05:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4905633C-C0F8-497D-80BE-DBE2C9C97D82}
[2011/11/06 17:06:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{37161634-09C4-46F2-8D25-1BB10CC0B522}
[2011/11/06 17:06:05 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{C167E620-E431-4085-845C-DCC8E3AD4339}
[2011/11/05 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\Square Enix
[2011/11/05 17:25:13 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{26136E2F-3324-4BBC-918E-603CB4520BCA}
[2011/11/05 17:24:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{74B6D748-44A1-4CAC-9227-C9B348393FBE}
[2011/11/05 04:35:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{C7ADC67A-ADE4-450C-869C-4DFACDCF7902}
[2011/11/05 04:34:47 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3A3486BD-94D8-4D35-8EA8-01A1E6D9244F}
[2011/11/04 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{DFDB9FB4-74EA-436A-9A02-8073917EB1A3}
[2011/11/04 10:18:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{41289C0C-E0CB-4179-BEFE-8C60728E923F}
[2011/11/03 14:37:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{9B6A9D13-E109-4A04-8213-E583ACDD3379}
[2011/11/03 14:37:22 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{381B2BA2-BEF4-4134-AC52-15C6A00AF69A}
[2011/11/03 08:39:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{420129E8-F140-4386-8D10-C00B7AE219D8}
[2011/11/02 11:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{E5D0637A-25DD-4D01-A90E-7B1E58C053F6}
[2011/11/02 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4A5D2F89-C837-4968-B42A-AD9D1EC07E6B}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 12:22:50 | 000,019,648 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 12:22:50 | 000,019,648 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 12:19:54 | 000,733,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/01 12:19:54 | 000,629,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/01 12:19:54 | 000,108,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/01 12:15:38 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 12:15:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 12:15:25 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 12:08:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/01 11:45:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 08:38:34 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/01 07:30:12 | 000,000,512 | ---- | M] () -- C:\Users\Jay\Desktop\MBR.dat
[2011/12/01 07:28:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2011/12/01 07:19:22 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jay\Desktop\tdsskiller.exe
[2011/12/01 06:40:52 | 004,323,152 | R--- | M] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2011/12/01 06:23:42 | 000,001,151 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:23:42 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:09:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2011/11/30 08:42:15 | 000,001,593 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 12:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/28 08:46:57 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/28 08:35:20 | 000,001,071 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
[2011/11/19 09:49:52 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/13 16:54:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/09 12:13:59 | 000,002,059 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 07:43:40 | 000,185,234 | ---- | M] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/09 07:28:05 | 000,309,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 12:01:37 | 000,251,182 | ---- | M] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/07 05:52:35 | 000,010,240 | ---- | M] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 19:06:58 | 000,020,460 | ---- | M] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 08:38:34 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/01 07:30:12 | 000,000,512 | ---- | C] () -- C:\Users\Jay\Desktop\MBR.dat
[2011/12/01 06:48:47 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2011/12/01 06:48:47 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
[2011/12/01 06:48:41 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/01 06:48:41 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/12/01 06:48:41 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/12/01 06:48:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/01 06:48:41 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/01 06:48:41 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011/12/01 06:48:41 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/01 06:48:41 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/12/01 06:48:41 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/01 06:48:41 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/12/01 06:48:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/01 06:48:41 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/01 06:48:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/01 06:48:41 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/01 06:48:41 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/01 06:48:41 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/01 06:48:41 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/01 06:48:40 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/01 06:48:40 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/12/01 06:48:40 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/01 06:48:40 | 000,002,365 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX880 series On-screen Manual.lnk
[2011/12/01 06:48:40 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/12/01 06:48:40 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011/12/01 06:48:40 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2011/12/01 06:48:40 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/01 06:48:40 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/01 06:48:40 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/01 06:48:40 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/01 06:48:40 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011/12/01 06:48:40 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.0.lnk
[2011/12/01 06:48:40 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2011/12/01 06:48:40 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/12/01 06:44:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 06:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 06:44:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 06:44:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 06:44:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/01 06:23:42 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:55:18 | 000,001,151 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/30 08:24:39 | 000,001,593 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/09 07:43:40 | 000,185,234 | ---- | C] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/07 12:02:02 | 000,251,182 | ---- | C] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/06 19:06:56 | 000,020,460 | ---- | C] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/05 11:46:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/01 17:43:11 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/31 12:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/07/19 13:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 13:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/07/19 13:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/07/19 13:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/07/19 13:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/07/19 13:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/07/19 13:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/19 13:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/07/19 13:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/07/19 13:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/30 07:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 01:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/23 22:50:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/23 09:54:07 | 000,782,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 05:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 05:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 05:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 05:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 05:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 05:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 05:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 05:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 05:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 05:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 05:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 05:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 05:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/01/05 15:28:19 | 000,007,597 | ---- | C] () -- C:\Users\Jay\AppData\Local\resmon.resmoncfg
[2010/12/31 20:58:15 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/12/29 15:28:31 | 000,010,240 | ---- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:00:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/27 17:00:17 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/27 17:00:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/27 10:19:32 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/18 13:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/08/11 15:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006/03/03 22:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== Custom Scans ==========



< MD5 for: NETEVENT.DLL >
[2009/07/13 19:30:47 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=62CAEC17815F39C2050B24B015AEDF29 -- C:\Windows\SysNative\netevent.dll
[2009/07/13 19:30:47 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=62CAEC17815F39C2050B24B015AEDF29 -- C:\Windows\winsxs\amd64_microsoft-windows-netevent_31bf3856ad364e35_6.1.7600.16385_none_b63b4a28843fd6da\netevent.dll
[2009/07/13 19:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7AE262FC7A2AFA9F4192A44466AC5DC -- C:\Windows\SysWOW64\netevent.dll
[2009/07/13 19:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7AE262FC7A2AFA9F4192A44466AC5DC -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.1.7600.16385_none_5a1caea4cbe265a4\netevent.dll

< MD5 for: SPLDR.SYS >
[2009/07/13 19:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\SysNative\drivers\spldr.sys
[2009/07/13 19:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys

< MD5 for: SRV.SYS >
[2011/04/28 20:54:02 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=10586F14752ACE786AB120FF8BB6BDA4 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c\srv.sys
[2011/02/22 23:16:28 | 000,461,312 | ---- | M] (Microsoft Corporation) MD5=148D50904D2A0DF29A19778715EB35BB -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16765_none_3602027210145b36\srv.sys
[2010/11/20 03:28:09 | 000,468,992 | ---- | M] (Microsoft Corporation) MD5=2098B8556D1CEC2ACA9A29CD479E3692 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17514_none_381d6eca0d132216\srv.sys
[2011/04/28 21:13:10 | 000,461,312 | ---- | M] (Microsoft Corporation) MD5=2408C0366D96BCDF63E8F1C78E4A29C5 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16806_none_3643e42a0fe2ca0e\srv.sys
[2010/06/21 21:21:15 | 000,463,360 | ---- | M] (Microsoft Corporation) MD5=43067A65522EAEC33D31A12D6FA8E3F4 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16619_none_363c11500fe837b6\srv.sys
[2011/04/28 21:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=441FBA48BFF01FDB9D5969EBC1838F0B -- C:\Windows\SysNative\drivers\srv.sys
[2011/04/28 21:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=441FBA48BFF01FDB9D5969EBC1838F0B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17608_none_382c41c40d0768a8\srv.sys
[2011/02/22 21:32:25 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=65784FF2D21F85A35E2590F65A6B2382 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21666_none_3872fc8d26578043\srv.sys
[2011/02/22 22:56:27 | 000,467,456 | ---- | M] (Microsoft Corporation) MD5=65BBF4920148C2EE279055DA7228FC7B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17565_none_37e85f780d3ac722\srv.sys
[2010/06/21 20:48:00 | 000,462,336 | ---- | M] (Microsoft Corporation) MD5=C4757FE6421EB3AFD9FD66592C5BFBE1 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20740_none_369c3bbd29264744\srv.sys
[2011/04/28 21:06:57 | 000,460,800 | ---- | M] (Microsoft Corporation) MD5=CF6EFAEB9EB9823A0D27EDE6D1AF662D -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20956_none_369771592928f58d\srv.sys
[2011/02/22 21:49:08 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=D388EBD2314A31E7BB7474F9C101CD1A -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20907_none_36ce813f28ff832f\srv.sys
[2010/08/26 21:38:04 | 000,463,360 | ---- | M] (Microsoft Corporation) MD5=DE6F5658DA951C4BC8E498570B5B0D5F -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16664_none_36010042101544b8\srv.sys
[2010/08/26 21:39:57 | 000,462,336 | ---- | M] (Microsoft Corporation) MD5=DF128B7DFA3A5E399363B8F83275399D -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20789_none_3679fea7293e9b17\srv.sys
[2009/07/13 17:25:13 | 000,465,408 | ---- | M] (Microsoft Corporation) MD5=EC8F67289105BF270498095F14963464 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16385_none_35ec5b0210249e7c\srv.sys

< MD5 for: SRV2.SYS >
[2010/06/21 21:20:50 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=03715CF9C30B563DA35FC5F2B8F7B8E0 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16619_none_363141640ff053a7\srv2.sys
[2010/06/21 20:47:35 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=069A85A39B43C3F2336835CB5E3A0E6D -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20740_none_36916bd1292e6335\srv2.sys
[2010/08/26 21:39:45 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=17D31E2F7FCCC24C08ECACEA945D3B14 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20789_none_366f2ebb2946b708\srv2.sys
[2011/02/22 21:31:59 | 000,409,600 | ---- | M] (Microsoft Corporation) MD5=342451BA8549FDBA860CB172549F14CE -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.21666_none_38682ca1265f9c34\srv2.sys
[2010/08/26 21:37:48 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4D33D59C0B930C523D29F9BD40CDA9D2 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16664_none_35f63056101d60a9\srv2.sys
[2011/04/28 21:12:54 | 000,399,872 | ---- | M] (Microsoft Corporation) MD5=76548F7B818881B47D8D1AE1BE9C11F8 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16806_none_3639143e0feae5ff\srv2.sys
[2011/04/28 21:06:38 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=930113266636C1889B56470A84D8756F -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20956_none_368ca16d2931117e\srv2.sys
[2011/04/28 21:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) MD5=B4ADEBBF5E3677CCE9651E0F01F7CC28 -- C:\Windows\SysNative\drivers\srv2.sys
[2011/04/28 21:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) MD5=B4ADEBBF5E3677CCE9651E0F01F7CC28 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.17608_none_382171d80d0f8499\srv2.sys
[2011/02/22 21:48:35 | 000,400,384 | ---- | M] (Microsoft Corporation) MD5=C5CB472BBA74F5CCA93D8A4196D63D0B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.20907_none_36c3b15329079f20\srv2.sys
[2011/02/22 23:16:01 | 000,401,920 | ---- | M] (Microsoft Corporation) MD5=CE2189FE31D36678AC9EB7DDEE08EC96 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16765_none_35f73286101c7727\srv2.sys
[2010/11/20 03:27:46 | 000,413,184 | ---- | M] (Microsoft Corporation) MD5=D0F73A42040F21F92FD314B42AC5C9E7 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.17514_none_38129ede0d1b3e07\srv2.sys
[2011/02/22 22:56:03 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=DA939F762A1CCC2D77428621DDBD40A7 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.17565_none_37dd8f8c0d42e313\srv2.sys
[2011/04/28 20:53:39 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=E10010AC9A4E8D7676EC89700BB6A24C -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7601.21717_none_389f3e6d263626fd\srv2.sys
[2009/07/13 17:25:04 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=F773D2ED090B7BAA1C1A034F3CA476C8 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.1.7600.16385_none_35e18b16102cba6d\srv2.sys

< MD5 for: SRVNET.SYS >
[2011/04/28 21:12:37 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=0AF6E19D39C70844C5CAA8FB0183C36E -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16806_none_6022a903299648f0\srvnet.sys
[2011/04/28 21:06:31 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=19E0B9883EE4DB831CD5DD781CBD6498 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20956_none_6076363242dc746f\srvnet.sys
[2009/07/13 17:24:59 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=26E84D3649019C3244622E654DFCD75B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16385_none_5fcb1fdb29d81d5e\srvnet.sys
[2011/04/28 21:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) MD5=27E461F0BE5BFF5FC737328F749538C3 -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/04/28 21:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) MD5=27E461F0BE5BFF5FC737328F749538C3 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17608_none_620b069d26bae78a\srvnet.sys
[2010/11/20 03:27:21 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=2BA8F3250828CCDB4204ECF2C6F40B6A -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17514_none_61fc33a326c6a0f8\srvnet.sys
[2010/08/26 21:39:24 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=3EBBD18201CF162E537217D7C51047F6 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20789_none_6058c38042f219f9\srvnet.sys
[2011/02/22 22:55:47 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=3F847C9DC87299516F7DC82FB6572865 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17565_none_61c7245126ee4604\srvnet.sys
[2011/04/28 20:53:17 | 000,168,448 | ---- | M] (Microsoft Corporation) MD5=497BC12BDA57CACB29A6B63C3069A0F5 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21717_none_6288d3323fe189ee\srvnet.sys
[2011/02/22 21:48:26 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=55BE8EE4C3EC8081E68A8C21BFF94256 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20907_none_60ad461842b30211\srvnet.sys
[2010/08/26 21:37:26 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5A663FD67049267BC5C3F3279E631FFB -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16664_none_5fdfc51b29c8c39a\srvnet.sys
[2010/06/21 20:47:20 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=A2FF8C218D5B62D693658F91B7FBB514 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20740_none_607b009642d9c626\srvnet.sys
[2011/02/22 21:31:48 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=B3293EB86DE13312DF227D13C54E3B6B -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21666_none_6251c166400aff25\srvnet.sys
[2011/02/22 23:15:50 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=CB69EDEB069A49577592835659CD0E46 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16765_none_5fe0c74b29c7da18\srvnet.sys
[2010/06/21 21:20:34 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=FBD09635227A8026C0F7790F604343C6 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16619_none_601ad629299bb698\srvnet.sys

< MD5 for: SRVSVC.DLL >
[2010/08/27 00:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) MD5=81F1D04D4D0E433099365127375FD501 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7600.16664_none_54fe7fe0047d2a74\srvsvc.dll
[2010/08/27 00:15:56 | 000,236,032 | ---- | M] (Microsoft Corporation) MD5=82DEE681AB043BEF8FACE49628E3C1BE -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7600.20789_none_55777e451da680d3\srvsvc.dll
[2009/07/13 19:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=C926920B8978DE6ACFE9E15C709E9B57 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7600.16385_none_54e9daa0048c8438\srvsvc.dll
[2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) MD5=D9F42719019740BAA6D1C6D536CBDAA6 -- C:\Windows\SysNative\srvsvc.dll
[2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) MD5=D9F42719019740BAA6D1C6D536CBDAA6 -- C:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7601.17514_none_571aee68017b07d2\srvsvc.dll

< MD5 for: WMPLAYER.EXE >
[2009/07/13 19:39:56 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=11AFC25168CA5D0DED22765D37F4639E -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_675eb4c668cac03c\wmplayer.exe
[2009/07/13 19:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=1F0F6AB1808781D2A2C2CA02E712ED8C -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_71b35f189d2b8237\wmplayer.exe
[2010/11/20 07:25:33 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=322A96BFB36CEAA506F74D5F98CDA723 -- C:\Program Files\Windows Media Player\wmplayer.exe
[2010/11/20 07:25:33 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=322A96BFB36CEAA506F74D5F98CDA723 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmplayer.exe
[2009/08/29 00:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=58F2330B4EFD5D0AFB3916059ADED428 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_71ff10729cf2bbc7\wmplayer.exe
[2010/08/31 23:08:55 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=8EB032978DF7AFE71E55B2637DBDDAC3 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20792_none_67da867981f32767\wmplayer.exe
[2009/08/29 01:49:44 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=913CEBA16F7C22F1AA4F27679ACFE7CC -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_728bae1bb60da796\wmplayer.exe
[2009/08/29 01:47:41 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=92D52C09D2CD7DB74BAE10AA7C6C4A02 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_67aa66206891f9cc\wmplayer.exe
[2010/08/31 22:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=A0F1DFC9E47B2524213AFF32E26BE92D -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_71cb05369d197478\wmplayer.exe
[2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=A80C173AC5C75706BB74AE4D78F2A53D -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
[2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=A80C173AC5C75706BB74AE4D78F2A53D -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\wmplayer.exe
[2009/08/29 02:47:23 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=B91D3FB3C84FCE86D43254D676FD75D7 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_683703c981ace59b\wmplayer.exe
[2010/08/31 23:14:31 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=CA07A30C2C0F45F4BE22381280A872DD -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_67765ae468b8b27d\wmplayer.exe
[2010/09/01 02:05:55 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=EFDC66634A7827196567ED82DA0090FA -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20792_none_722f30cbb653e962\wmplayer.exe

< MD5 for: WMPLOC.DLL >
[2010/11/20 06:08:44 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=0FBC74AA20FE0AE6884279F893169C60 -- C:\Windows\SysWOW64\wmploc.DLL
[2010/11/20 06:08:44 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=0FBC74AA20FE0AE6884279F893169C60 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\wmploc.DLL
[2010/09/01 02:03:54 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=25DA32E8B703A293F4E1F943E68D3BEF -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20792_none_722f30cbb653e962\wmploc.DLL
[2009/08/29 01:48:23 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=41702513ED2E7E98DE87E508C08491D3 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_728bae1bb60da796\wmploc.DLL
[2010/08/31 23:06:55 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=423DEB0EE3A9B4F4509BA42AF85F0354 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20792_none_67da867981f32767\wmploc.DLL
[2010/08/31 23:12:09 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=550BF4ACD6FC3F41DC5A83EF31B9F9B4 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_67765ae468b8b27d\wmploc.DLL
[2009/08/29 00:54:52 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=96B78543ECF4A519B4F65BF7059F4B33 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_71ff10729cf2bbc7\wmploc.DLL
[2009/07/13 19:11:17 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=B315C62E9046BCB58137A49625B6E253 -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_71b35f189d2b8237\wmploc.DLL
[2009/08/29 01:45:05 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=D62840B33B87BC2ED8D7060D7C66096C -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_67aa66206891f9cc\wmploc.DLL
[2009/07/13 19:34:08 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=D8134F0DB2BD7BB39AB91453E6374BB5 -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_675eb4c668cac03c\wmploc.DLL
[2010/11/20 07:16:12 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=E19AD0D49BFF5938B3E374873AC174DE -- C:\Windows\SysNative\wmploc.DLL
[2010/11/20 07:16:12 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=E19AD0D49BFF5938B3E374873AC174DE -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmploc.DLL
[2009/08/29 02:44:41 | 012,625,920 | ---- | M] (Microsoft Corporation) MD5=EEDBD4030BC204311BB858CAE1B02D8B -- C:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_683703c981ace59b\wmploc.DLL
[2010/08/31 22:23:49 | 012,625,408 | ---- | M] (Microsoft Corporation) MD5=FA05241C7BC7EBCC36AF78299D0D37FE -- C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_71cb05369d197478\wmploc.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >


OTL log from QUICK SCAN

OTL logfile created on: 12/1/2011 12:32:18 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 70.25% Memory free
8.00 Gb Paging File | 6.76 Gb Available in Paging File | 84.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 598.82 Gb Free Space | 64.28% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 47.80 Gb Free Space | 42.76% Space Free | Partition Type: NTFS
Drive E: | 186.31 Gb Total Space | 23.49 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 1510.18 Gb Free Space | 54.04% Space Free | Partition Type: NTFS
Drive G: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 81.72 Gb Free Space | 17.54% Space Free | Partition Type: NTFS

Computer Name: PRIME | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jay\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Dyn Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSVolAcc) -- C:\Windows\SysNative\drivers\PSVolAcc.sys (Paramount Software UK Ltd)
DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 1D E8 30 35 B0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 12:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/29 08:59:55 | 000,000,000 | ---D | M]

[2010/12/26 23:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions
[2011/11/08 20:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions
[2011/11/08 20:01:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/07/18 22:20:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\[email protected]
[2011/11/09 12:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/14 10:25:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 12:07:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 12:07:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/01 12:08:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: NameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 16:57:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/13 06:43:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 12:15:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/01 08:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/01 07:27:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2011/12/01 07:19:01 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jay\Desktop\tdsskiller.exe
[2011/12/01 07:10:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/01 06:44:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/01 06:44:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/01 06:44:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/01 06:44:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/01 06:43:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 06:40:41 | 004,323,152 | R--- | C] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2011/12/01 06:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware1
[2011/12/01 06:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1
[2011/12/01 06:02:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/30 23:17:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2011/11/30 22:55:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Malwarebytes
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/30 22:55:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/30 22:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/30 22:50:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/30 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{F0E9DF61-5ABC-44DC-9222-937EAC1489AD}
[2011/11/30 22:38:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{2A14D6E6-1245-4463-A259-B9950B8DC325}
[2011/11/30 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{42825DC6-B56B-4D2D-B016-524694F6A89C}
[2011/11/30 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D9A41216-AEAA-4DC8-9DD9-362316F53C3E}
[2011/11/29 21:31:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BB7B0A82-D782-478C-AD6E-0FBD9A5EED98}
[2011/11/29 21:31:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{B1160FC8-5EB2-49A6-B5C0-0DFEB1C92B4E}
[2011/11/29 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BF4AA9D0-70D2-4FD0-8249-DF831E6F90B9}
[2011/11/29 09:30:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BE720F7D-B9AE-471B-81AF-8096E9FE8F58}
[2011/11/28 20:34:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{EEE0C7C1-8E01-4A04-A93A-CC24D40DFB1E}
[2011/11/28 20:34:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{F88C8BF9-CB7A-46C6-BACC-86D11F746136}
[2011/11/28 17:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011/11/28 17:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/11/28 17:03:44 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Origin
[2011/11/28 17:03:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Origin
[2011/11/28 16:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/11/28 16:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/11/28 16:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/11/28 16:47:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Electronic Arts
[2011/11/28 16:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/11/28 16:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/11/28 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/11/28 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Crysis 2
[2011/11/28 08:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/28 08:34:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{1AC7AE94-F6CB-412B-A55C-E39F15A9DC2A}
[2011/11/28 08:34:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BA25C3EA-1E18-4ECD-B93B-7BEC53049F55}
[2011/11/20 05:14:52 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6EFE84F7-D8FE-43AC-AD9C-E77DA74BE52A}
[2011/11/20 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3986798F-6EF3-4673-A5C2-FB960141DDDE}
[2011/11/19 16:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{81A3F7B8-0031-420A-BCF4-AD936A66D7FB}
[2011/11/19 16:16:56 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BAB5F41E-79D2-4401-A324-EF36BA6A9D7E}
[2011/11/19 10:31:07 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3F3B0314-589E-4B64-84F9-A37467B126CE}
[2011/11/19 09:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/18 22:14:24 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{33A07DA5-8EEE-4B2F-8469-E7DCF4DC21AC}
[2011/11/18 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{B5E9DE64-5E5E-4E6D-806D-5FF49C43745D}
[2011/11/18 06:28:05 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{50E2DAB0-0109-4653-ADEC-FE18920E96E2}
[2011/11/18 06:27:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{0DFEEFA3-5F56-491B-BC38-8CC4A90C9461}
[2011/11/18 06:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{EFCEF8D6-1037-4482-A697-4F4B1BC9069D}
[2011/11/18 06:26:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4D97116E-7513-4F35-B6A9-150DE2198D0D}
[2011/11/17 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{DD9AB8BB-42DD-4299-A724-41BF61479ACE}
[2011/11/17 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3D142A56-3C76-4276-A26D-B2782809C65B}
[2011/11/16 21:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{47950B38-3585-4D83-8B6D-7B93177D5A56}
[2011/11/16 21:48:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3A0A8A1D-79CB-4799-A7CA-1E89B32E58D1}
[2011/11/16 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2011/11/16 21:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJScan
[2011/11/16 21:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Canon
[2011/11/16 09:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{84770B8C-24A5-45DE-B09E-F80756930EC0}
[2011/11/16 09:06:49 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{1E3C4AD5-9E15-4ECA-B275-9F4A8DDDED92}
[2011/11/15 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3E4CDFE7-E54F-4CEF-8580-0D223D16B3E1}
[2011/11/15 22:19:32 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{03AE7F9E-B7A7-4DB0-AB03-DD411BC709AB}
[2011/11/15 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D90C07AE-DDBF-4283-99F7-4EC4382D5BA4}
[2011/11/15 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{19C09E64-A3EF-4080-BCC3-017A258904E7}
[2011/11/14 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D32EEA65-988D-4315-86DB-9EA3AEF957F7}
[2011/11/14 11:08:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D140BCD2-FD48-468F-AACF-C492EC1EA91A}
[2011/11/13 16:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 16:34:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{19BA5560-5348-411B-A5C7-C5B2936F59D4}
[2011/11/13 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4942DEEF-6D28-4DEC-87CA-1C7BC53E3BA2}
[2011/11/13 00:06:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D407A41D-D56C-4866-9B39-1CFC0568A1A8}
[2011/11/12 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{60C46267-AF21-4E8D-9650-53D2255936B3}
[2011/11/12 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{56E4AB09-AD80-4F00-92D9-4BB34BE545A5}
[2011/11/11 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{931E0DA8-EAF6-41DB-8A23-251CE2319F4C}
[2011/11/11 20:09:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3EB99FCF-7DE7-4F34-8419-6BDA0ADECD56}
[2011/11/11 08:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/11 08:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/11 08:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/11 06:56:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3052CE44-6977-4148-A243-F902A83A6592}
[2011/11/11 06:55:42 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{5C9A7237-419F-458C-B9C2-CDDCCDE60CF4}
[2011/11/10 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{CD4B9C4B-B339-4B1C-BEFE-39BB7A4DFA82}
[2011/11/10 09:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{20B09596-6566-4BCE-B6B4-22C8011BE364}
[2011/11/09 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{42B8D87A-AB75-410B-8C1D-96D2AB128662}
[2011/11/09 20:43:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{7A1A8166-CC46-4555-BDEA-B57C47DBA219}
[2011/11/09 07:29:07 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6412DECD-3C2F-4DCC-8BEB-03E0DF20A223}
[2011/11/09 07:28:51 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6AABA6F7-FF17-4DC9-AB0B-E43EAF840829}
[2011/11/08 08:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{FC3DB47D-4466-4ECB-BD76-18E860A92859}
[2011/11/08 08:43:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6ADADD52-1253-4AEA-8D07-762504907D4A}
[2011/11/07 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{06D78708-4CB2-402D-8EB2-90E125EA17A8}
[2011/11/07 17:52:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{03C08947-06A7-4F5A-9980-720CD6D85352}
[2011/11/07 08:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder x64
[2011/11/07 08:06:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Broad Intelligence
[2011/11/07 08:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011/11/07 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{CA185D45-470F-4EF2-84DB-F1A346D97236}
[2011/11/07 05:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4905633C-C0F8-497D-80BE-DBE2C9C97D82}
[2011/11/06 17:06:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{37161634-09C4-46F2-8D25-1BB10CC0B522}
[2011/11/06 17:06:05 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{C167E620-E431-4085-845C-DCC8E3AD4339}
[2011/11/05 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\Square Enix
[2011/11/05 17:25:13 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{26136E2F-3324-4BBC-918E-603CB4520BCA}
[2011/11/05 17:24:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{74B6D748-44A1-4CAC-9227-C9B348393FBE}
[2011/11/05 04:35:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{C7ADC67A-ADE4-450C-869C-4DFACDCF7902}
[2011/11/05 04:34:47 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3A3486BD-94D8-4D35-8EA8-01A1E6D9244F}
[2011/11/04 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{DFDB9FB4-74EA-436A-9A02-8073917EB1A3}
[2011/11/04 10:18:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{41289C0C-E0CB-4179-BEFE-8C60728E923F}
[2011/11/03 14:37:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{9B6A9D13-E109-4A04-8213-E583ACDD3379}
[2011/11/03 14:37:22 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{381B2BA2-BEF4-4134-AC52-15C6A00AF69A}
[2011/11/03 08:39:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{420129E8-F140-4386-8D10-C00B7AE219D8}
[2011/11/02 11:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{E5D0637A-25DD-4D01-A90E-7B1E58C053F6}
[2011/11/02 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4A5D2F89-C837-4968-B42A-AD9D1EC07E6B}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 12:36:33 | 000,733,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/01 12:36:33 | 000,629,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/01 12:36:33 | 000,108,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/01 12:31:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 12:30:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 12:30:50 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 12:22:50 | 000,019,648 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 12:22:50 | 000,019,648 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 12:08:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/01 11:45:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 08:38:34 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/01 07:30:12 | 000,000,512 | ---- | M] () -- C:\Users\Jay\Desktop\MBR.dat
[2011/12/01 07:28:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2011/12/01 07:19:22 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jay\Desktop\tdsskiller.exe
[2011/12/01 06:40:52 | 004,323,152 | R--- | M] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2011/12/01 06:23:42 | 000,001,151 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:23:42 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:09:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2011/11/30 08:42:15 | 000,001,593 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 12:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/28 08:46:57 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/28 08:35:20 | 000,001,071 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
[2011/11/19 09:49:52 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/09 12:13:59 | 000,002,059 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 07:43:40 | 000,185,234 | ---- | M] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/09 07:28:05 | 000,309,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 12:01:37 | 000,251,182 | ---- | M] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/07 05:52:35 | 000,010,240 | ---- | M] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 19:06:58 | 000,020,460 | ---- | M] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 08:38:34 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/01 07:30:12 | 000,000,512 | ---- | C] () -- C:\Users\Jay\Desktop\MBR.dat
[2011/12/01 06:48:47 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2011/12/01 06:48:47 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
[2011/12/01 06:48:41 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/01 06:48:41 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/12/01 06:48:41 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/12/01 06:48:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/01 06:48:41 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/01 06:48:41 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011/12/01 06:48:41 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/01 06:48:41 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/12/01 06:48:41 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/01 06:48:41 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/12/01 06:48:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/01 06:48:41 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/01 06:48:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/01 06:48:41 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/01 06:48:41 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/01 06:48:41 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/01 06:48:41 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/01 06:48:40 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/01 06:48:40 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/12/01 06:48:40 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/01 06:48:40 | 000,002,365 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX880 series On-screen Manual.lnk
[2011/12/01 06:48:40 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/12/01 06:48:40 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011/12/01 06:48:40 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2011/12/01 06:48:40 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/01 06:48:40 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/01 06:48:40 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/01 06:48:40 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/01 06:48:40 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011/12/01 06:48:40 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.0.lnk
[2011/12/01 06:48:40 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2011/12/01 06:48:40 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/12/01 06:44:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 06:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 06:44:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 06:44:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 06:44:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/01 06:23:42 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:55:18 | 000,001,151 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/30 08:24:39 | 000,001,593 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/09 07:43:40 | 000,185,234 | ---- | C] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/07 12:02:02 | 000,251,182 | ---- | C] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/06 19:06:56 | 000,020,460 | ---- | C] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/05 11:46:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/01 17:43:11 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/31 12:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/07/19 13:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 13:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/07/19 13:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/07/19 13:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/07/19 13:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/07/19 13:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/07/19 13:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/19 13:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/07/19 13:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/07/19 13:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/30 07:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 01:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/23 22:50:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/23 09:54:07 | 000,782,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 05:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 05:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 05:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 05:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 05:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 05:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 05:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 05:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 05:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 05:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 05:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 05:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 05:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/01/05 15:28:19 | 000,007,597 | ---- | C] () -- C:\Users\Jay\AppData\Local\resmon.resmoncfg
[2010/12/31 20:58:15 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/12/29 15:28:31 | 000,010,240 | ---- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:00:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/27 17:00:17 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/27 17:00:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/27 10:19:32 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/18 13:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/08/11 15:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006/03/03 22:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== LOP Check ==========

[2011/11/07 08:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Broad Intelligence
[2011/04/19 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Canneverbe Limited
[2011/11/28 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Canon
[2011/05/19 09:25:08 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Digiarty
[2010/12/31 21:01:05 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\DisplayTune
[2011/08/08 17:51:53 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ImgBurn
[2011/04/19 18:38:40 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\OpenOffice.org
[2011/11/28 17:11:07 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Origin
[2011/11/07 07:56:09 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\SmartVoip
[2011/12/01 07:46:56 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\uTorrent
[2010/12/27 17:10:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Windows Live Writer
[2011/10/25 09:44:55 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Let's see if we can get this to work:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/11/08 20:01:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/07/18 22:20:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions\[email protected]
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Close all of your browsers and Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Copy and Paste the log into a reply.


Ron
  • 0

#9
jchitrav

jchitrav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Ron,

I ran the OTL RUN FIX with the script you provided it worked through without any errors. Reboot prompt came up and system was rebooted. Here is the OTL quick scan log after the reboot.


OTL Quickscan log

OTL logfile created on: 12/1/2011 1:27:25 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.71% Memory free
8.00 Gb Paging File | 6.72 Gb Available in Paging File | 83.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 598.73 Gb Free Space | 64.28% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 47.80 Gb Free Space | 42.76% Space Free | Partition Type: NTFS
Drive E: | 186.31 Gb Total Space | 23.49 Gb Free Space | 12.61% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 1510.18 Gb Free Space | 54.04% Space Free | Partition Type: NTFS
Drive G: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 81.72 Gb Free Space | 17.54% Space Free | Partition Type: NTFS

Computer Name: PRIME | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jay\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\DynDNS Updater\DynTray.exe (Dyn, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Dyn Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dyn, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSVolAcc) -- C:\Windows\SysNative\drivers\PSVolAcc.sys (Paramount Software UK Ltd)
DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 1D E8 30 35 B0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 12:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/29 08:59:55 | 000,000,000 | ---D | M]

[2010/12/26 23:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions
[2011/12/01 13:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\2dj36vjb.default\extensions
[2011/11/09 12:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/14 10:25:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/09 12:07:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 12:07:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/01 12:08:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{952A0406-D334-4062-B217-5A9D5EBAB5FE}: NameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 16:57:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/13 06:43:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 12:15:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/01 08:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/01 07:27:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2011/12/01 07:19:01 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jay\Desktop\tdsskiller.exe
[2011/12/01 07:10:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/01 06:44:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/01 06:44:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/01 06:44:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/01 06:44:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/01 06:43:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 06:40:41 | 004,323,152 | R--- | C] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2011/12/01 06:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware1
[2011/12/01 06:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware1
[2011/12/01 06:02:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/30 23:17:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2011/11/30 22:55:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Malwarebytes
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/30 22:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/30 22:55:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/30 22:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/30 22:50:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/30 22:38:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{F0E9DF61-5ABC-44DC-9222-937EAC1489AD}
[2011/11/30 22:38:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{2A14D6E6-1245-4463-A259-B9950B8DC325}
[2011/11/30 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{42825DC6-B56B-4D2D-B016-524694F6A89C}
[2011/11/30 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D9A41216-AEAA-4DC8-9DD9-362316F53C3E}
[2011/11/29 21:31:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BB7B0A82-D782-478C-AD6E-0FBD9A5EED98}
[2011/11/29 21:31:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{B1160FC8-5EB2-49A6-B5C0-0DFEB1C92B4E}
[2011/11/29 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BF4AA9D0-70D2-4FD0-8249-DF831E6F90B9}
[2011/11/29 09:30:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BE720F7D-B9AE-471B-81AF-8096E9FE8F58}
[2011/11/28 20:34:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{EEE0C7C1-8E01-4A04-A93A-CC24D40DFB1E}
[2011/11/28 20:34:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{F88C8BF9-CB7A-46C6-BACC-86D11F746136}
[2011/11/28 17:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011/11/28 17:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/11/28 17:03:44 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Origin
[2011/11/28 17:03:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Origin
[2011/11/28 16:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/11/28 16:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/11/28 16:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/11/28 16:47:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Electronic Arts
[2011/11/28 16:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/11/28 16:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/11/28 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/11/28 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Crysis 2
[2011/11/28 08:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/28 08:34:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{1AC7AE94-F6CB-412B-A55C-E39F15A9DC2A}
[2011/11/28 08:34:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BA25C3EA-1E18-4ECD-B93B-7BEC53049F55}
[2011/11/20 05:14:52 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6EFE84F7-D8FE-43AC-AD9C-E77DA74BE52A}
[2011/11/20 05:14:39 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3986798F-6EF3-4673-A5C2-FB960141DDDE}
[2011/11/19 16:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{81A3F7B8-0031-420A-BCF4-AD936A66D7FB}
[2011/11/19 16:16:56 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{BAB5F41E-79D2-4401-A324-EF36BA6A9D7E}
[2011/11/19 10:31:07 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3F3B0314-589E-4B64-84F9-A37467B126CE}
[2011/11/19 09:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/19 09:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/18 22:14:24 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{33A07DA5-8EEE-4B2F-8469-E7DCF4DC21AC}
[2011/11/18 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{B5E9DE64-5E5E-4E6D-806D-5FF49C43745D}
[2011/11/18 06:28:05 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{50E2DAB0-0109-4653-ADEC-FE18920E96E2}
[2011/11/18 06:27:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{0DFEEFA3-5F56-491B-BC38-8CC4A90C9461}
[2011/11/18 06:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{EFCEF8D6-1037-4482-A697-4F4B1BC9069D}
[2011/11/18 06:26:53 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4D97116E-7513-4F35-B6A9-150DE2198D0D}
[2011/11/17 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{DD9AB8BB-42DD-4299-A724-41BF61479ACE}
[2011/11/17 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3D142A56-3C76-4276-A26D-B2782809C65B}
[2011/11/16 21:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{47950B38-3585-4D83-8B6D-7B93177D5A56}
[2011/11/16 21:48:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3A0A8A1D-79CB-4799-A7CA-1E89B32E58D1}
[2011/11/16 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2011/11/16 21:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJScan
[2011/11/16 21:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Canon
[2011/11/16 09:07:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{84770B8C-24A5-45DE-B09E-F80756930EC0}
[2011/11/16 09:06:49 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{1E3C4AD5-9E15-4ECA-B275-9F4A8DDDED92}
[2011/11/15 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3E4CDFE7-E54F-4CEF-8580-0D223D16B3E1}
[2011/11/15 22:19:32 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{03AE7F9E-B7A7-4DB0-AB03-DD411BC709AB}
[2011/11/15 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D90C07AE-DDBF-4283-99F7-4EC4382D5BA4}
[2011/11/15 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{19C09E64-A3EF-4080-BCC3-017A258904E7}
[2011/11/14 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D32EEA65-988D-4315-86DB-9EA3AEF957F7}
[2011/11/14 11:08:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D140BCD2-FD48-468F-AACF-C492EC1EA91A}
[2011/11/13 16:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 16:34:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{19BA5560-5348-411B-A5C7-C5B2936F59D4}
[2011/11/13 16:34:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4942DEEF-6D28-4DEC-87CA-1C7BC53E3BA2}
[2011/11/13 00:06:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{D407A41D-D56C-4866-9B39-1CFC0568A1A8}
[2011/11/12 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{60C46267-AF21-4E8D-9650-53D2255936B3}
[2011/11/12 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{56E4AB09-AD80-4F00-92D9-4BB34BE545A5}
[2011/11/11 20:09:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{931E0DA8-EAF6-41DB-8A23-251CE2319F4C}
[2011/11/11 20:09:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3EB99FCF-7DE7-4F34-8419-6BDA0ADECD56}
[2011/11/11 08:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/11 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/11 08:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/11/11 08:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/11 06:56:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3052CE44-6977-4148-A243-F902A83A6592}
[2011/11/11 06:55:42 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{5C9A7237-419F-458C-B9C2-CDDCCDE60CF4}
[2011/11/10 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{CD4B9C4B-B339-4B1C-BEFE-39BB7A4DFA82}
[2011/11/10 09:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{20B09596-6566-4BCE-B6B4-22C8011BE364}
[2011/11/09 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{42B8D87A-AB75-410B-8C1D-96D2AB128662}
[2011/11/09 20:43:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{7A1A8166-CC46-4555-BDEA-B57C47DBA219}
[2011/11/09 07:29:07 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6412DECD-3C2F-4DCC-8BEB-03E0DF20A223}
[2011/11/09 07:28:51 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6AABA6F7-FF17-4DC9-AB0B-E43EAF840829}
[2011/11/08 08:43:55 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{FC3DB47D-4466-4ECB-BD76-18E860A92859}
[2011/11/08 08:43:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{6ADADD52-1253-4AEA-8D07-762504907D4A}
[2011/11/07 17:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{06D78708-4CB2-402D-8EB2-90E125EA17A8}
[2011/11/07 17:52:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{03C08947-06A7-4F5A-9980-720CD6D85352}
[2011/11/07 08:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder x64
[2011/11/07 08:06:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Broad Intelligence
[2011/11/07 08:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011/11/07 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{CA185D45-470F-4EF2-84DB-F1A346D97236}
[2011/11/07 05:36:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4905633C-C0F8-497D-80BE-DBE2C9C97D82}
[2011/11/06 17:06:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{37161634-09C4-46F2-8D25-1BB10CC0B522}
[2011/11/06 17:06:05 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{C167E620-E431-4085-845C-DCC8E3AD4339}
[2011/11/05 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\Square Enix
[2011/11/05 17:25:13 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{26136E2F-3324-4BBC-918E-603CB4520BCA}
[2011/11/05 17:24:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{74B6D748-44A1-4CAC-9227-C9B348393FBE}
[2011/11/05 04:35:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{C7ADC67A-ADE4-450C-869C-4DFACDCF7902}
[2011/11/05 04:34:47 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{3A3486BD-94D8-4D35-8EA8-01A1E6D9244F}
[2011/11/04 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{DFDB9FB4-74EA-436A-9A02-8073917EB1A3}
[2011/11/04 10:18:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{41289C0C-E0CB-4179-BEFE-8C60728E923F}
[2011/11/03 14:37:48 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{9B6A9D13-E109-4A04-8213-E583ACDD3379}
[2011/11/03 14:37:22 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{381B2BA2-BEF4-4134-AC52-15C6A00AF69A}
[2011/11/03 08:39:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{420129E8-F140-4386-8D10-C00B7AE219D8}
[2011/11/02 11:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{E5D0637A-25DD-4D01-A90E-7B1E58C053F6}
[2011/11/02 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\{4A5D2F89-C837-4968-B42A-AD9D1EC07E6B}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 13:31:51 | 000,733,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/01 13:31:51 | 000,629,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/01 13:31:51 | 000,108,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/01 13:25:47 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 13:25:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 13:25:32 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 12:45:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 12:38:34 | 000,019,648 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 12:38:34 | 000,019,648 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 12:08:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/01 08:38:34 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/01 07:30:12 | 000,000,512 | ---- | M] () -- C:\Users\Jay\Desktop\MBR.dat
[2011/12/01 07:28:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2011/12/01 07:19:22 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jay\Desktop\tdsskiller.exe
[2011/12/01 06:40:52 | 004,323,152 | R--- | M] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2011/12/01 06:23:42 | 000,001,151 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:23:42 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 06:09:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2011/11/30 08:42:15 | 000,001,593 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 12:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/28 08:46:57 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/28 08:35:20 | 000,001,071 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
[2011/11/19 09:49:52 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/09 12:13:59 | 000,002,059 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 07:43:40 | 000,185,234 | ---- | M] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/09 07:28:05 | 000,309,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 12:01:37 | 000,251,182 | ---- | M] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/07 05:52:35 | 000,010,240 | ---- | M] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 19:06:58 | 000,020,460 | ---- | M] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Jay\*.tmp files -> C:\Users\Jay\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 08:38:34 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/01 07:30:12 | 000,000,512 | ---- | C] () -- C:\Users\Jay\Desktop\MBR.dat
[2011/12/01 06:48:47 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2011/12/01 06:48:47 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
[2011/12/01 06:48:41 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/01 06:48:41 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/12/01 06:48:41 | 000,002,497 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/12/01 06:48:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/01 06:48:41 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/01 06:48:41 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011/12/01 06:48:41 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/01 06:48:41 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/12/01 06:48:41 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/01 06:48:41 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/12/01 06:48:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/01 06:48:41 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/01 06:48:41 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/01 06:48:41 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/01 06:48:41 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/01 06:48:41 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/01 06:48:41 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/01 06:48:40 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/01 06:48:40 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/12/01 06:48:40 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/01 06:48:40 | 000,002,365 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX880 series On-screen Manual.lnk
[2011/12/01 06:48:40 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/12/01 06:48:40 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011/12/01 06:48:40 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2011/12/01 06:48:40 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/01 06:48:40 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/01 06:48:40 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/01 06:48:40 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/01 06:48:40 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011/12/01 06:48:40 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.0.lnk
[2011/12/01 06:48:40 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2011/12/01 06:48:40 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/12/01 06:44:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 06:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 06:44:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 06:44:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 06:44:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/01 06:23:42 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 22:55:18 | 000,001,151 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/30 08:24:39 | 000,001,593 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011/11/09 07:43:40 | 000,185,234 | ---- | C] () -- C:\Users\Jay\Documents\who i am.rar
[2011/11/07 12:02:02 | 000,251,182 | ---- | C] () -- C:\Users\Jay\Documents\Jyothi Release.pdf
[2011/11/06 19:06:56 | 000,020,460 | ---- | C] () -- C:\Users\Jay\Documents\Calcium Anuja Project.odt
[2011/10/12 16:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/05 11:46:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/01 17:43:11 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/31 12:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/07/19 13:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 13:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/07/19 13:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/07/19 13:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/07/19 13:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/07/19 13:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/07/19 13:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/19 13:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/07/19 13:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/07/19 13:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/30 07:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 01:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/23 22:50:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/23 09:54:07 | 000,782,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 05:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 05:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 05:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 05:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 05:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 05:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 05:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 05:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 05:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 05:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 05:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 05:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 05:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/01/05 15:28:19 | 000,007,597 | ---- | C] () -- C:\Users\Jay\AppData\Local\resmon.resmoncfg
[2010/12/31 20:58:15 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/12/29 15:28:31 | 000,010,240 | ---- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 17:00:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/27 17:00:17 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/27 17:00:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/27 10:19:32 | 000,000,048 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/18 13:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/08/11 15:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006/03/03 22:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== LOP Check ==========

[2011/11/07 08:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Broad Intelligence
[2011/04/19 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Canneverbe Limited
[2011/11/28 12:06:10 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Canon
[2011/05/19 09:25:08 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Digiarty
[2010/12/31 21:01:05 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\DisplayTune
[2011/08/08 17:51:53 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ImgBurn
[2011/04/19 18:38:40 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\OpenOffice.org
[2011/11/28 17:11:07 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Origin
[2011/11/07 07:56:09 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\SmartVoip
[2011/12/01 07:46:56 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\uTorrent
[2010/12/27 17:10:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Windows Live Writer
[2011/10/25 09:44:55 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Unless you are having other problems that I don't see I think you are clean of malware.

We need to cleanup System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#11
jchitrav

jchitrav

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for your timely help Ron.

I have completed the housekeeping as you suggested.
The Adblock is now installed along with Avast uptodate and MBAM trial running for now hopefully I'm secured.
Will be checking the Updates frequently using the Updatechecker.
No more utorrent for me but i use skype for all my calling, hope that part of p2p does not infect me.

Any other malware protection you would recommend apart from the above?

Once again appreciate all your help.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Skype is OK just be careful what calls you answer. When I was on Skype I was always getting messages claiming to be from my ISP or Microsoft or my anti-virus saying that I needed to run some program or click on some link. Obvious SPAM but it might have been malware related.

You should be OK as long as you keep everything up to date. If you are really paranoid you can add the NoScript extension. This will require that you give permission before Javascript or Java (and maybe flash) programs can run on each URL. Works best if you have a limited number of sites you visit. Otherwise it's a pain. http://noscript.net/
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP