Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Exploit:JS/Pdfjsc.Q

Started by xooma3 , Dec 05 2011 11:57 PM

  • Please log in to reply

#1
xooma3
Posted 05 December 2011 - 11:57 PM

xooma3

    New Member

  • Member
  • Pip
  • 5 posts
My system is pretty dirty. Right now I need help removing an infection called "Exploit:Win32/Pdfjsc.Q". I found it using Microsoft's Security Scanner, which gave me this link with more info about the virus: http://www.microsoft...:Win32/Pdfjsc.Q

I would greatly appreciate help getting rid of Pdfjsc.Q and any other lurking viruses.

Thanks,
Janelle

OTL logfile created on: 12/5/2011 10:08:24 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\..\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.46% Memory free
4.14 Gb Paging File | 2.46 Gb Available in Paging File | 59.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 67.86 Gb Free Space | 45.98% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: .. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/05 18:17:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\..\Downloads\OTL.exe
PRC - [2011/10/28 01:51:46 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Windows\Installer\MSI295B.tmp
PRC - [2011/10/24 12:43:40 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/09/16 16:36:04 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/07/21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/07/07 21:37:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/24 10:21:21 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/09/23 13:47:40 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 11:39:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 11:39:26 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/20 16:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/09/22 11:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/19 14:27:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/11/19 14:27:25 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/11/19 14:27:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/11/19 14:27:20 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2011/11/14 21:39:54 | 000,420,920 | ---- | M] () -- C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/14 21:39:53 | 003,702,840 | ---- | M] () -- C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/14 21:38:16 | 000,122,952 | ---- | M] () -- C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/14 21:38:15 | 000,222,280 | ---- | M] () -- C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/14 21:38:14 | 001,746,504 | ---- | M] () -- C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/14 18:36:18 | 008,593,056 | ---- | M] () -- C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/10/02 18:10:15 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/07 21:37:13 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/03/29 14:31:57 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/25 10:24:31 | 000,271,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/10 13:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 13:23:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/06/10 13:23:18 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2009/06/10 13:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/28 01:51:46 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Windows\Installer\MSI295B.tmp -- (SCPDFReadSpool)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/07/15 11:39:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/01 08:10:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/09/16 16:36:04 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/05 09:49:39 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 11:39:26 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/14 11:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/12/03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 15:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/22 05:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 14:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2008/08/18 10:01:06 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ICDUSB3.sys -- (ICDUSB3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B E5 7E 20 B6 B3 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {f035aa18-ee32-4e6e-81d2-57e32867f8a7}:1.18
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: qrptoolbar@leapforceathome:1.80
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.23
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.7


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\..\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\..\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/17 14:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/28 00:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/28 00:28:03 | 000,000,000 | ---D | M]

[2009/12/16 21:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\..\AppData\Roaming\Mozilla\Extensions
[2011/10/02 18:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/09/27 08:42:57 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/03/23 12:52:47 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
[2011/07/14 09:45:31 | 000,000,000 | ---D | M] ("Leapforce - Search Engine Evaluator Toolbar") -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\qrptoolbar@leapforceathome
[2011/07/14 09:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/28 21:37:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/17 14:44:10 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/19 13:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/28 21:36:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 13:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [googletalk] C:\Users\..\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E025592-2AE5-4ABF-A071-19EC78D991B3}: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{779F046B-A5FE-4E62-9A20-2D126295E4F7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{407e606d-d7a4-11df-a665-00234df7d177}\Shell - "" = AutoRun
O33 - MountPoints2\{407e606d-d7a4-11df-a665-00234df7d177}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Malwarebytes
[2011/12/05 18:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/05 18:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/05 18:53:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/05 18:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/03 21:43:57 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\FileZilla
[2011/12/03 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/12/03 21:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/11/22 18:24:17 | 000,000,000 | ---D | C] -- C:\Users\..\.idlerc
[2011/11/22 18:23:11 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2
[2011/11/22 18:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Python
[2011/11/16 21:45:24 | 000,000,000 | ---D | C] -- C:\Users\..\Desktop\Photos
[2011/11/14 22:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/03 21:08:39 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2011/05/03 21:08:39 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2011/05/03 21:08:39 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2011/05/03 21:08:39 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2011/05/03 21:08:39 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2011/05/03 21:08:39 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2011/05/03 21:08:39 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2011/05/03 21:08:39 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBChcp.dll
[2011/05/03 21:08:39 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2011/05/03 21:08:39 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2011/05/03 21:08:38 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll
[2011/05/03 21:08:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2011/05/03 21:08:38 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2011/05/03 21:08:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2011/05/03 21:08:38 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2011/05/03 21:08:38 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2011/05/03 21:08:38 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[3 C:\Users\..\Documents\*.tmp files -> C:\Users\..\Documents\*.tmp -> ]
[2 C:\Users\..\Desktop\*.tmp files -> C:\Users\..\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\..\AppData\Local\*.tmp files -> C:\Users\..\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/05 21:19:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/05 21:18:00 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3326556133-3739985109-3996872560-1000UA.job
[2011/12/05 18:55:26 | 089,992,886 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/12/05 18:53:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 17:59:10 | 001,008,114 | ---- | M] () -- C:\Users\..\Desktop\rkill.com
[2011/12/05 17:39:16 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/05 17:39:16 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/05 17:36:24 | 000,001,205 | ---- | M] () -- C:\Users\..\Desktop\FixNCR.reg
[2011/12/05 17:26:06 | 000,010,840 | -HS- | M] () -- C:\Users\..\AppData\Local\i8e7vsc7768
[2011/12/05 17:26:06 | 000,010,840 | -HS- | M] () -- C:\ProgramData\i8e7vsc7768
[2011/12/05 15:56:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/05 14:19:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/05 14:18:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3326556133-3739985109-3996872560-1000Core.job
[2011/12/03 22:01:28 | 000,011,308 | ---- | M] () -- C:\Users\..\Desktop\index.html
[2011/12/03 20:35:32 | 000,013,009 | ---- | M] () -- C:\Users\..\.recently-used.xbel
[2011/11/28 23:44:52 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 23:44:52 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 22:55:38 | 000,027,376 | ---- | M] () -- C:\Users\..\Desktop\Air.jpg
[2011/11/24 13:33:45 | 000,097,365 | ---- | M] () -- C:\Users\..\Desktop\favorite pic ever.jpg
[2011/11/22 18:38:31 | 000,000,069 | ---- | M] () -- C:\Users\..\Desktop\Hello Word
[2011/11/21 20:13:46 | 000,127,895 | ---- | M] () -- C:\Users\..\Desktop\mid124H.pdf
[2011/11/21 20:13:33 | 000,055,706 | ---- | M] () -- C:\Users\..\Desktop\m124Hmt2-3.jpg
[2011/11/20 13:38:33 | 000,013,742 | ---- | M] () -- C:\Users\..\Desktop\27d8468e719e7991d702afbf69066658.pdf
[2011/11/20 13:38:28 | 000,009,780 | ---- | M] () -- C:\Users\..\Desktop\53b85684d42cdf97e3f6d6bd64c2ec6a.pdf
[2011/11/20 13:38:24 | 000,013,884 | ---- | M] () -- C:\Users\..\Desktop\30cf7ecdc9e1917e36459b0d5ba02b7d.pdf
[2011/11/18 13:51:14 | 1580,748,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 23:06:43 | 000,427,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/12 12:45:58 | 297,068,423 | ---- | M] () -- C:\Windows\MEMORY.DMP
[3 C:\Users\..\Documents\*.tmp files -> C:\Users\..\Documents\*.tmp -> ]
[2 C:\Users\..\Desktop\*.tmp files -> C:\Users\..\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\..\AppData\Local\*.tmp files -> C:\Users\..\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/05 18:53:32 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 18:00:00 | 001,008,114 | ---- | C] () -- C:\Users\..\Desktop\rkill.com
[2011/12/05 17:40:02 | 000,001,205 | ---- | C] () -- C:\Users\..\Desktop\FixNCR.reg
[2011/12/05 17:23:59 | 000,010,840 | -HS- | C] () -- C:\Users\..\AppData\Local\i8e7vsc7768
[2011/12/05 17:23:59 | 000,010,840 | -HS- | C] () -- C:\ProgramData\i8e7vsc7768
[2011/12/03 22:01:28 | 000,011,308 | ---- | C] () -- C:\Users\..\Desktop\index.html
[2011/12/03 20:35:32 | 000,013,009 | ---- | C] () -- C:\Users\..\.recently-used.xbel
[2011/11/26 22:55:27 | 000,027,376 | ---- | C] () -- C:\Users\..\Desktop\Air.jpg
[2011/11/24 13:33:42 | 000,097,365 | ---- | C] () -- C:\Users\..\Desktop\favorite pic ever.jpg
[2011/11/22 18:37:37 | 000,000,069 | ---- | C] () -- C:\Users\..\Desktop\Hello Word
[2011/11/21 20:13:46 | 000,127,895 | ---- | C] () -- C:\Users\..\Desktop\mid124H.pdf
[2011/11/21 20:13:28 | 000,055,706 | ---- | C] () -- C:\Users\..\Desktop\m124Hmt2-3.jpg
[2011/11/20 13:38:33 | 000,013,742 | ---- | C] () -- C:\Users\..\Desktop\27d8468e719e7991d702afbf69066658.pdf
[2011/11/20 13:38:28 | 000,009,780 | ---- | C] () -- C:\Users\..\Desktop\53b85684d42cdf97e3f6d6bd64c2ec6a.pdf
[2011/11/20 13:38:24 | 000,013,884 | ---- | C] () -- C:\Users\..\Desktop\30cf7ecdc9e1917e36459b0d5ba02b7d.pdf
[2011/10/28 01:51:51 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011/10/28 01:51:51 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011/10/08 20:51:09 | 000,000,000 | ---- | C] () -- C:\Users\..\AppData\Local\{1ECD72AA-14AF-4ED8-93B4-858BCB1ADECB}
[2011/05/03 21:09:26 | 000,000,140 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/05/03 21:08:39 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2011/05/03 21:08:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBCinst.dll
[2011/05/03 21:08:39 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbcinsb.dll
[2011/05/03 21:08:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2011/05/03 21:07:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2011/05/03 21:07:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2010/11/25 10:27:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/11/25 10:27:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/11/25 10:27:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/11/25 10:27:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/11/25 10:27:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/11/25 10:27:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/11/25 10:27:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/11/25 10:27:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/11/25 10:27:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/11/25 10:27:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/11/25 10:27:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/11/25 10:27:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/11/25 10:27:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/11/25 10:27:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/11/25 10:27:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/11/25 10:27:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/11/25 10:27:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/11/25 10:27:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/11/25 10:27:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/07/07 20:01:00 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/03/30 13:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2010/03/30 11:21:13 | 000,124,264 | ---- | C] () -- C:\Windows\System32\mp3dec.dll
[2010/03/30 11:21:13 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2010/03/30 11:21:13 | 000,010,600 | ---- | C] () -- C:\Windows\System32\IcdSptSvps.dll
[2010/03/02 12:03:43 | 000,006,144 | ---- | C] () -- C:\Users\..\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 11:03:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/02 10:01:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2009/12/02 18:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,427,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/07/13 14:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/07/13 14:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/13 14:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/06/18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/08/12 10:17:17 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Audacity
[2011/10/28 03:19:18 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Dropbox
[2011/10/26 14:33:17 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\e-academy Inc
[2011/12/03 22:05:16 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\FileZilla
[2010/07/22 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\GetRightToGo
[2011/12/03 20:35:32 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\gtk-2.0
[2011/10/28 00:40:33 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\ICAClient
[2010/01/01 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\OpenOffice.org
[2011/10/28 01:52:06 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\SolidDocuments
[2011/12/05 17:46:15 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\uTorrent
[2009/07/13 20:53:46 | 000,020,662 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by xooma3, 08 December 2011 - 11:07 AM.

  • 0

Advertisements

#2
RKinner
Posted 06 December 2011 - 01:01 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/12/05 17:23:59 | 000,010,840 | -HS- | C] () -- C:\Users\Janelle Van Hofwegen\AppData\Local\i8e7vsc7768
[2011/12/05 17:23:59 | 000,010,840 | -HS- | C] () -- C:\ProgramData\i8e7vsc7768

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
xooma3
Posted 06 December 2011 - 12:51 PM

xooma3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron, thanks for your help. I followed your instructions.

Here are the logs:

Combofix
ComboFix 11-12-06.01 - .. 12/06/2011 8:14.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2010.1234 [GMT -8:00]
Running from: c:\users\..\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\..\Documents\~WRL1252.tmp
c:\users\..\Documents\~WRL3114.tmp
c:\users\..\Documents\~WRL3413.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 16:20 . 2011-12-06 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 15:58 . 2011-12-06 15:58 -------- d-----w- C:\_OTL
2011-12-06 02:53 . 2011-12-06 02:53 -------- d-----w- c:\users\..\AppData\Roaming\Malwarebytes
2011-12-06 02:53 . 2011-12-06 02:53 -------- d-----w- c:\programdata\Malwarebytes
2011-12-06 02:53 . 2011-12-06 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-06 02:53 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 05:43 . 2011-12-04 06:05 -------- d-----w- c:\users\..\AppData\Roaming\FileZilla
2011-12-04 05:43 . 2011-12-04 05:43 -------- d-----w- c:\program files\FileZilla FTP Client
2011-11-23 02:24 . 2011-11-23 02:37 -------- d-----w- c:\users\..\.idlerc
2011-11-23 02:23 . 2011-11-23 02:23 98304 ----a-r- c:\users\..\AppData\Roaming\Microsoft\Installer\{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFD}\python_icon.exe
2011-11-23 02:22 . 2011-11-23 02:23 -------- d-----w- c:\program files\Python
2011-11-14 21:40 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-11-14 21:40 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-11-14 21:38 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-11-13 22:40 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-11-13 22:40 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-11-13 22:40 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-11-12 21:52 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 21:52 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 21:51 . 2011-09-29 04:20 2339840 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 21:46 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2011-11-12 21:46 . 2011-08-15 04:25 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-12 21:45 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-11-12 21:45 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-11-12 21:45 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-11-12 21:45 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-11-12 21:45 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-11-12 21:45 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-11-12 21:45 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-11-12 21:45 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-11-12 21:45 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-11-12 21:45 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-12 21:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-12 21:45 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-11-12 21:43 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 23:08 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-09 04:51 . 2011-10-09 04:51 0 ---ha-w- c:\users\..\AppData\Local\BITA180.tmp
2011-10-04 09:53 . 2011-10-28 09:51 19272 ----a-w- c:\windows\system32\solidlocalui.dll
2011-10-04 09:53 . 2011-10-28 09:51 27976 ----a-w- c:\windows\system32\solidlocalmon.dll
2011-10-03 02:10 . 2011-10-03 02:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-17 00:36 . 2011-09-17 00:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-09-17 00:36 . 2009-12-17 05:40 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-10-12 23:33 . 2010-10-12 23:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-13 01:15 . 2010-10-13 01:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 23:37 . 2010-10-12 23:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 23:35 . 2010-10-12 23:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 23:34 . 2010-10-12 23:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 23:32 . 2010-10-12 23:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 23:35 . 2010-10-12 23:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 23:34 . 2010-10-12 23:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 19:42 . 2010-07-14 19:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 23:37 . 2010-10-12 23:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\..\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-11-25 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [2008-08-18 11264]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 538096]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI295B.tmp [2011-10-28 180552]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 15:44]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 15:44]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3326556133-3739985109-3996872560-1000Core.job
- c:\users\..\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 03:53]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3326556133-3739985109-3996872560-1000UA.job
- c:\users\..\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 03:53]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI295B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-06 08:22:56
ComboFix-quarantined-files.txt 2011-12-06 16:22
.
Pre-Run: 73,258,127,360 bytes free
Post-Run: 75,779,153,920 bytes free
.
- - End Of File - - 0C2085FA61FFD5BAF02CF443ED5955B8


TDSSKiller:
08:25:45.0136 1268 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
08:25:45.0448 1268 ============================================================
08:25:45.0448 1268 Current date / time: 2011/12/06 08:25:45.0448
08:25:45.0448 1268 SystemInfo:
08:25:45.0448 1268
08:25:45.0448 1268 OS Version: 6.1.7600 ServicePack: 0.0
08:25:45.0448 1268 Product type: Workstation
08:25:45.0448 1268 ComputerName: LENOVO-PC
08:25:45.0448 1268 UserName: ..
08:25:45.0448 1268 Windows directory: C:\Windows
08:25:45.0448 1268 System windows directory: C:\Windows
08:25:45.0448 1268 Processor architecture: Intel x86
08:25:45.0448 1268 Number of processors: 2
08:25:45.0448 1268 Page size: 0x1000
08:25:45.0448 1268 Boot type: Normal boot
08:25:45.0448 1268 ============================================================
08:25:46.0400 1268 Initialize success
08:25:49.0270 0684 ============================================================
08:25:49.0270 0684 Scan started
08:25:49.0270 0684 Mode: Manual;
08:25:49.0270 0684 ============================================================
08:25:50.0128 0684 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
08:25:50.0128 0684 1394ohci - ok
08:25:50.0160 0684 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
08:25:50.0160 0684 ACPI - ok
08:25:50.0191 0684 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
08:25:50.0191 0684 AcpiPmi - ok
08:25:50.0222 0684 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:25:50.0238 0684 adp94xx - ok
08:25:50.0347 0684 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:25:50.0362 0684 adpahci - ok
08:25:50.0362 0684 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:25:50.0378 0684 adpu320 - ok
08:25:50.0440 0684 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
08:25:50.0440 0684 AFD - ok
08:25:50.0487 0684 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
08:25:50.0487 0684 agp440 - ok
08:25:50.0487 0684 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:25:50.0503 0684 aic78xx - ok
08:25:50.0643 0684 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
08:25:50.0643 0684 aliide - ok
08:25:50.0690 0684 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
08:25:50.0690 0684 amdagp - ok
08:25:50.0706 0684 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
08:25:50.0706 0684 amdide - ok
08:25:50.0737 0684 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:25:50.0737 0684 AmdK8 - ok
08:25:50.0752 0684 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:25:50.0752 0684 AmdPPM - ok
08:25:50.0862 0684 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
08:25:50.0862 0684 amdsata - ok
08:25:50.0893 0684 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:25:50.0893 0684 amdsbs - ok
08:25:50.0940 0684 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
08:25:50.0940 0684 amdxata - ok
08:25:51.0002 0684 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
08:25:51.0002 0684 AppID - ok
08:25:51.0158 0684 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:25:51.0158 0684 arc - ok
08:25:51.0158 0684 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:25:51.0174 0684 arcsas - ok
08:25:51.0205 0684 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:25:51.0205 0684 AsyncMac - ok
08:25:51.0236 0684 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
08:25:51.0236 0684 atapi - ok
08:25:51.0376 0684 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
08:25:51.0439 0684 atikmdag - ok
08:25:51.0595 0684 ATSwpWDF (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
08:25:51.0610 0684 ATSwpWDF - ok
08:25:51.0688 0684 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
08:25:51.0688 0684 AvgLdx86 - ok
08:25:51.0829 0684 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\System32\Drivers\avgmfx86.sys
08:25:51.0829 0684 AvgMfx86 - ok
08:25:51.0891 0684 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys
08:25:51.0891 0684 AvgTdiX - ok
08:25:52.0016 0684 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
08:25:52.0047 0684 b06bdrv - ok
08:25:52.0219 0684 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:25:52.0219 0684 b57nd60x - ok
08:25:52.0266 0684 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:25:52.0266 0684 Beep - ok
08:25:52.0328 0684 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:25:52.0328 0684 blbdrive - ok
08:25:52.0484 0684 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
08:25:52.0484 0684 bowser - ok
08:25:52.0500 0684 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:25:52.0500 0684 BrFiltLo - ok
08:25:52.0531 0684 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:25:52.0531 0684 BrFiltUp - ok
08:25:52.0578 0684 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:25:52.0578 0684 Brserid - ok
08:25:52.0609 0684 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:25:52.0624 0684 BrSerWdm - ok
08:25:52.0734 0684 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:25:52.0734 0684 BrUsbMdm - ok
08:25:52.0749 0684 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:25:52.0749 0684 BrUsbSer - ok
08:25:52.0812 0684 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
08:25:52.0812 0684 BthEnum - ok
08:25:52.0843 0684 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
08:25:52.0843 0684 BTHMODEM - ok
08:25:52.0874 0684 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
08:25:52.0874 0684 BthPan - ok
08:25:52.0936 0684 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
08:25:52.0936 0684 BTHPORT - ok
08:25:53.0077 0684 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
08:25:53.0077 0684 BTHUSB - ok
08:25:53.0170 0684 catchme - ok
08:25:53.0264 0684 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:25:53.0264 0684 cdfs - ok
08:25:53.0311 0684 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
08:25:53.0311 0684 cdrom - ok
08:25:53.0358 0684 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
08:25:53.0358 0684 circlass - ok
08:25:53.0404 0684 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:25:53.0404 0684 CLFS - ok
08:25:53.0451 0684 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
08:25:53.0451 0684 CmBatt - ok
08:25:53.0545 0684 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
08:25:53.0545 0684 cmdide - ok
08:25:53.0576 0684 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
08:25:53.0576 0684 CNG - ok
08:25:53.0654 0684 CnxtHdAudService (225e3e97021d72067ab359a295bf8c6f) C:\Windows\system32\drivers\CHDRT32.sys
08:25:53.0670 0684 CnxtHdAudService - ok
08:25:53.0701 0684 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
08:25:53.0701 0684 Compbatt - ok
08:25:53.0716 0684 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:25:53.0716 0684 CompositeBus - ok
08:25:53.0810 0684 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
08:25:53.0810 0684 crcdisk - ok
08:25:53.0857 0684 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
08:25:53.0857 0684 CSC - ok
08:25:53.0935 0684 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
08:25:53.0935 0684 ctxusbm - ok
08:25:53.0997 0684 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
08:25:53.0997 0684 DfsC - ok
08:25:54.0013 0684 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:25:54.0013 0684 discache - ok
08:25:54.0122 0684 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
08:25:54.0122 0684 Disk - ok
08:25:54.0184 0684 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
08:25:54.0184 0684 Dot4 - ok
08:25:54.0216 0684 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
08:25:54.0216 0684 Dot4Print - ok
08:25:54.0262 0684 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
08:25:54.0262 0684 dot4usb - ok
08:25:54.0325 0684 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:25:54.0325 0684 drmkaud - ok
08:25:54.0387 0684 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
08:25:54.0387 0684 DXGKrnl - ok
08:25:54.0543 0684 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys
08:25:54.0543 0684 e1yexpress - ok
08:25:54.0652 0684 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
08:25:54.0699 0684 ebdrv - ok
08:25:54.0855 0684 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
08:25:54.0855 0684 elxstor - ok
08:25:54.0902 0684 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
08:25:54.0902 0684 ErrDev - ok
08:25:54.0933 0684 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:25:54.0949 0684 exfat - ok
08:25:55.0074 0684 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:25:55.0074 0684 fastfat - ok
08:25:55.0089 0684 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:25:55.0089 0684 fdc - ok
08:25:55.0136 0684 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:25:55.0136 0684 FileInfo - ok
08:25:55.0152 0684 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:25:55.0152 0684 Filetrace - ok
08:25:55.0167 0684 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
08:25:55.0167 0684 flpydisk - ok
08:25:55.0198 0684 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:25:55.0198 0684 FltMgr - ok
08:25:55.0230 0684 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:25:55.0230 0684 FsDepends - ok
08:25:55.0354 0684 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
08:25:55.0354 0684 Fs_Rec - ok
08:25:55.0417 0684 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
08:25:55.0417 0684 fvevol - ok
08:25:55.0464 0684 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:25:55.0464 0684 gagp30kx - ok
08:25:55.0510 0684 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:25:55.0510 0684 GEARAspiWDM - ok
08:25:55.0666 0684 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:25:55.0666 0684 hcw85cir - ok
08:25:55.0713 0684 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
08:25:55.0729 0684 HdAudAddService - ok
08:25:55.0760 0684 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:25:55.0760 0684 HDAudBus - ok
08:25:55.0791 0684 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:25:55.0791 0684 HidBatt - ok
08:25:55.0916 0684 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:25:55.0916 0684 HidBth - ok
08:25:55.0947 0684 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:25:55.0947 0684 HidIr - ok
08:25:55.0994 0684 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
08:25:55.0994 0684 HidUsb - ok
08:25:56.0041 0684 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
08:25:56.0041 0684 HpSAMD - ok
08:25:56.0166 0684 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
08:25:56.0181 0684 HTTP - ok
08:25:56.0212 0684 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
08:25:56.0212 0684 hwpolicy - ok
08:25:56.0259 0684 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
08:25:56.0259 0684 i8042prt - ok
08:25:56.0400 0684 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
08:25:56.0400 0684 iaStorV - ok
08:25:56.0478 0684 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
08:25:56.0478 0684 IBMPMDRV - ok
08:25:56.0540 0684 ICDUSB3 (4b9f5768f6da1fd247198d91a07328d9) C:\Windows\system32\Drivers\ICDUSB3.sys
08:25:56.0540 0684 ICDUSB3 - ok
08:25:56.0696 0684 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:25:56.0774 0684 igfx - ok
08:25:56.0899 0684 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:25:56.0899 0684 iirsp - ok
08:25:56.0930 0684 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
08:25:56.0930 0684 intelide - ok
08:25:56.0961 0684 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:25:56.0961 0684 intelppm - ok
08:25:57.0008 0684 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:25:57.0008 0684 IpFilterDriver - ok
08:25:57.0024 0684 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:25:57.0024 0684 IPMIDRV - ok
08:25:57.0055 0684 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:25:57.0055 0684 IPNAT - ok
08:25:57.0180 0684 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:25:57.0180 0684 IRENUM - ok
08:25:57.0211 0684 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
08:25:57.0211 0684 isapnp - ok
08:25:57.0226 0684 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
08:25:57.0242 0684 iScsiPrt - ok
08:25:57.0273 0684 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:25:57.0273 0684 kbdclass - ok
08:25:57.0304 0684 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
08:25:57.0304 0684 kbdhid - ok
08:25:57.0414 0684 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
08:25:57.0414 0684 KSecDD - ok
08:25:57.0476 0684 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
08:25:57.0476 0684 KSecPkg - ok
08:25:57.0523 0684 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:25:57.0523 0684 lltdio - ok
08:25:57.0570 0684 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:25:57.0585 0684 LSI_FC - ok
08:25:57.0679 0684 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:25:57.0679 0684 LSI_SAS - ok
08:25:57.0710 0684 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:25:57.0710 0684 LSI_SAS2 - ok
08:25:57.0726 0684 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:25:57.0726 0684 LSI_SCSI - ok
08:25:57.0757 0684 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:25:57.0757 0684 luafv - ok
08:25:57.0772 0684 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:25:57.0772 0684 megasas - ok
08:25:57.0788 0684 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:25:57.0788 0684 MegaSR - ok
08:25:57.0819 0684 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:25:57.0819 0684 Modem - ok
08:25:57.0866 0684 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:25:57.0866 0684 monitor - ok
08:25:57.0975 0684 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:25:57.0975 0684 mouclass - ok
08:25:58.0022 0684 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:25:58.0022 0684 mouhid - ok
08:25:58.0053 0684 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
08:25:58.0053 0684 mountmgr - ok
08:25:58.0084 0684 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
08:25:58.0084 0684 mpio - ok
08:25:58.0116 0684 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:25:58.0116 0684 mpsdrv - ok
08:25:58.0209 0684 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
08:25:58.0225 0684 MRxDAV - ok
08:25:58.0272 0684 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:25:58.0272 0684 mrxsmb - ok
08:25:58.0334 0684 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:25:58.0334 0684 mrxsmb10 - ok
08:25:58.0365 0684 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:25:58.0381 0684 mrxsmb20 - ok
08:25:58.0396 0684 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
08:25:58.0396 0684 msahci - ok
08:25:58.0506 0684 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
08:25:58.0506 0684 msdsm - ok
08:25:58.0537 0684 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:25:58.0552 0684 Msfs - ok
08:25:58.0568 0684 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:25:58.0568 0684 mshidkmdf - ok
08:25:58.0646 0684 MSHUSBVideo (29e0ec2a9dc4c7913657a51dfff97856) C:\Windows\system32\Drivers\nx6000.sys
08:25:58.0646 0684 MSHUSBVideo - ok
08:25:58.0677 0684 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
08:25:58.0677 0684 msisadrv - ok
08:25:58.0802 0684 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:25:58.0802 0684 MSKSSRV - ok
08:25:58.0849 0684 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:25:58.0849 0684 MSPCLOCK - ok
08:25:58.0864 0684 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:25:58.0864 0684 MSPQM - ok
08:25:58.0896 0684 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:25:58.0896 0684 MsRPC - ok
08:25:58.0927 0684 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
08:25:58.0927 0684 mssmbios - ok
08:25:58.0942 0684 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:25:58.0942 0684 MSTEE - ok
08:25:58.0958 0684 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:25:58.0958 0684 MTConfig - ok
08:25:59.0052 0684 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:25:59.0067 0684 Mup - ok
08:25:59.0114 0684 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:25:59.0114 0684 NativeWifiP - ok
08:25:59.0161 0684 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
08:25:59.0161 0684 NDIS - ok
08:25:59.0208 0684 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:25:59.0208 0684 NdisCap - ok
08:25:59.0239 0684 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:25:59.0254 0684 NdisTapi - ok
08:25:59.0286 0684 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
08:25:59.0286 0684 Ndisuio - ok
08:25:59.0301 0684 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
08:25:59.0301 0684 NdisWan - ok
08:25:59.0332 0684 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
08:25:59.0332 0684 NDProxy - ok
08:25:59.0395 0684 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:25:59.0410 0684 NetBIOS - ok
08:25:59.0442 0684 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
08:25:59.0457 0684 NetBT - ok
08:25:59.0613 0684 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
08:25:59.0676 0684 netw5v32 - ok
08:25:59.0816 0684 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:25:59.0816 0684 nfrd960 - ok
08:25:59.0847 0684 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:25:59.0847 0684 Npfs - ok
08:25:59.0878 0684 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:25:59.0878 0684 nsiproxy - ok
08:25:59.0941 0684 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
08:25:59.0941 0684 Ntfs - ok
08:26:00.0066 0684 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:26:00.0066 0684 Null - ok
08:26:00.0128 0684 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
08:26:00.0128 0684 nvraid - ok
08:26:00.0175 0684 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
08:26:00.0175 0684 nvstor - ok
08:26:00.0222 0684 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
08:26:00.0222 0684 nv_agp - ok
08:26:00.0346 0684 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
08:26:00.0346 0684 ohci1394 - ok
08:26:00.0378 0684 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:26:00.0393 0684 Parport - ok
08:26:00.0409 0684 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
08:26:00.0409 0684 partmgr - ok
08:26:00.0440 0684 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:26:00.0440 0684 Parvdm - ok
08:26:00.0549 0684 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
08:26:00.0565 0684 pci - ok
08:26:00.0580 0684 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
08:26:00.0580 0684 pciide - ok
08:26:00.0596 0684 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:26:00.0596 0684 pcmcia - ok
08:26:00.0627 0684 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:26:00.0627 0684 pcw - ok
08:26:00.0658 0684 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:26:00.0658 0684 PEAUTH - ok
08:26:00.0830 0684 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:26:00.0846 0684 PptpMiniport - ok
08:26:00.0861 0684 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:26:00.0861 0684 Processor - ok
08:26:00.0908 0684 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:26:00.0908 0684 Psched - ok
08:26:00.0970 0684 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\Windows\system32\Drivers\PxHelp20.sys
08:26:00.0970 0684 PxHelp20 - ok
08:26:01.0033 0684 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:26:01.0048 0684 ql2300 - ok
08:26:01.0173 0684 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:26:01.0173 0684 ql40xx - ok
08:26:01.0204 0684 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:26:01.0204 0684 QWAVEdrv - ok
08:26:01.0236 0684 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:26:01.0236 0684 RasAcd - ok
08:26:01.0282 0684 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:26:01.0282 0684 RasAgileVpn - ok
08:26:01.0298 0684 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:26:01.0314 0684 Rasl2tp - ok
08:26:01.0438 0684 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:26:01.0438 0684 RasPppoe - ok
08:26:01.0470 0684 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:26:01.0470 0684 RasSstp - ok
08:26:01.0501 0684 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
08:26:01.0501 0684 rdbss - ok
08:26:01.0516 0684 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:26:01.0516 0684 rdpbus - ok
08:26:01.0532 0684 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:26:01.0532 0684 RDPCDD - ok
08:26:01.0563 0684 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
08:26:01.0563 0684 RDPDR - ok
08:26:01.0688 0684 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:26:01.0688 0684 RDPENCDD - ok
08:26:01.0735 0684 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:26:01.0735 0684 RDPREFMP - ok
08:26:01.0750 0684 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
08:26:01.0766 0684 RDPWD - ok
08:26:01.0797 0684 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
08:26:01.0797 0684 rdyboost - ok
08:26:01.0844 0684 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
08:26:01.0844 0684 RFCOMM - ok
08:26:01.0984 0684 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
08:26:01.0984 0684 RimUsb - ok
08:26:02.0047 0684 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:26:02.0047 0684 rspndr - ok
08:26:02.0094 0684 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
08:26:02.0094 0684 s3cap - ok
08:26:02.0218 0684 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
08:26:02.0218 0684 sbp2port - ok
08:26:02.0234 0684 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
08:26:02.0250 0684 scfilter - ok
08:26:02.0296 0684 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:26:02.0296 0684 secdrv - ok
08:26:02.0328 0684 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:26:02.0328 0684 Serenum - ok
08:26:02.0359 0684 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:26:02.0359 0684 Serial - ok
08:26:02.0484 0684 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:26:02.0484 0684 sermouse - ok
08:26:02.0515 0684 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
08:26:02.0515 0684 sffdisk - ok
08:26:02.0530 0684 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:26:02.0546 0684 sffp_mmc - ok
08:26:02.0577 0684 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:26:02.0577 0684 sffp_sd - ok
08:26:02.0593 0684 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:26:02.0593 0684 sfloppy - ok
08:26:02.0624 0684 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
08:26:02.0640 0684 sisagp - ok
08:26:02.0749 0684 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:26:02.0749 0684 SiSRaid2 - ok
08:26:02.0811 0684 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:26:02.0811 0684 SiSRaid4 - ok
08:26:02.0858 0684 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:26:02.0858 0684 Smb - ok
08:26:02.0967 0684 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:26:02.0967 0684 spldr - ok
08:26:03.0030 0684 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
08:26:03.0030 0684 srv - ok
08:26:03.0076 0684 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
08:26:03.0076 0684 srv2 - ok
08:26:03.0123 0684 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
08:26:03.0123 0684 SrvHsfHDA - ok
08:26:03.0170 0684 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
08:26:03.0186 0684 SrvHsfV92 - ok
08:26:03.0264 0684 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
08:26:03.0264 0684 SrvHsfWinac - ok
08:26:03.0342 0684 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
08:26:03.0342 0684 srvnet - ok
08:26:03.0388 0684 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:26:03.0388 0684 stexstor - ok
08:26:03.0435 0684 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
08:26:03.0435 0684 storflt - ok
08:26:03.0544 0684 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
08:26:03.0544 0684 storvsc - ok
08:26:03.0576 0684 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
08:26:03.0576 0684 swenum - ok
08:26:03.0654 0684 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
08:26:03.0669 0684 Tcpip - ok
08:26:03.0794 0684 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
08:26:03.0794 0684 TCPIP6 - ok
08:26:03.0841 0684 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
08:26:03.0841 0684 tcpipreg - ok
08:26:03.0872 0684 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
08:26:03.0872 0684 TDPIPE - ok
08:26:03.0888 0684 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
08:26:03.0888 0684 TDTCP - ok
08:26:03.0919 0684 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
08:26:03.0919 0684 tdx - ok
08:26:03.0934 0684 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
08:26:03.0934 0684 TermDD - ok
08:26:03.0997 0684 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
08:26:03.0997 0684 TPM - ok
08:26:04.0106 0684 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:26:04.0106 0684 tssecsrv - ok
08:26:04.0153 0684 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
08:26:04.0153 0684 tunnel - ok
08:26:04.0184 0684 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:26:04.0184 0684 uagp35 - ok
08:26:04.0215 0684 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
08:26:04.0215 0684 udfs - ok
08:26:04.0340 0684 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
08:26:04.0340 0684 uliagpkx - ok
08:26:04.0402 0684 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
08:26:04.0402 0684 umbus - ok
08:26:04.0418 0684 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:26:04.0434 0684 UmPass - ok
08:26:04.0496 0684 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
08:26:04.0496 0684 USBAAPL - ok
08:26:04.0621 0684 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
08:26:04.0621 0684 usbaudio - ok
08:26:04.0668 0684 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys
08:26:04.0668 0684 usbccgp - ok
08:26:04.0714 0684 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
08:26:04.0714 0684 usbcir - ok
08:26:04.0761 0684 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
08:26:04.0761 0684 usbehci - ok
08:26:04.0886 0684 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
08:26:04.0886 0684 usbhub - ok
08:26:04.0902 0684 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
08:26:04.0917 0684 usbohci - ok
08:26:04.0933 0684 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:26:04.0948 0684 usbprint - ok
08:26:04.0995 0684 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
08:26:04.0995 0684 usbscan - ok
08:26:05.0042 0684 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
08:26:05.0042 0684 USBSTOR - ok
08:26:05.0104 0684 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
08:26:05.0104 0684 usbuhci - ok
08:26:05.0229 0684 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
08:26:05.0229 0684 usbvideo - ok
08:26:05.0292 0684 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:26:05.0292 0684 vdrvroot - ok
08:26:05.0338 0684 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:26:05.0338 0684 vga - ok
08:26:05.0354 0684 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:26:05.0354 0684 VgaSave - ok
08:26:05.0385 0684 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
08:26:05.0385 0684 vhdmp - ok
08:26:05.0510 0684 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
08:26:05.0510 0684 viaagp - ok
08:26:05.0541 0684 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:26:05.0541 0684 ViaC7 - ok
08:26:05.0588 0684 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
08:26:05.0588 0684 viaide - ok
08:26:05.0619 0684 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
08:26:05.0619 0684 vmbus - ok
08:26:05.0635 0684 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
08:26:05.0635 0684 VMBusHID - ok
08:26:05.0666 0684 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
08:26:05.0666 0684 volmgr - ok
08:26:05.0775 0684 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:26:05.0775 0684 volmgrx - ok
08:26:05.0822 0684 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
08:26:05.0822 0684 volsnap - ok
08:26:05.0869 0684 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:26:05.0869 0684 vsmraid - ok
08:26:05.0884 0684 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
08:26:05.0884 0684 vwifibus - ok
08:26:05.0916 0684 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:26:05.0916 0684 WacomPen - ok
08:26:06.0040 0684 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
08:26:06.0040 0684 WANARP - ok
08:26:06.0040 0684 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
08:26:06.0040 0684 Wanarpv6 - ok
08:26:06.0087 0684 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:26:06.0087 0684 Wd - ok
08:26:06.0134 0684 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:26:06.0150 0684 Wdf01000 - ok
08:26:06.0228 0684 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:26:06.0243 0684 WfpLwf - ok
08:26:06.0274 0684 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:26:06.0274 0684 WIMMount - ok
08:26:06.0352 0684 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
08:26:06.0352 0684 WinUsb - ok
08:26:06.0399 0684 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:26:06.0399 0684 WmiAcpi - ok
08:26:06.0446 0684 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:26:06.0446 0684 ws2ifsl - ok
08:26:06.0493 0684 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:26:06.0493 0684 WSDPrintDevice - ok
08:26:06.0618 0684 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
08:26:06.0618 0684 WudfPf - ok
08:26:06.0680 0684 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:26:06.0680 0684 WUDFRd - ok
08:26:06.0852 0684 xusb21 (276842a27953be204a2507096f09b1f3) C:\Windows\system32\DRIVERS\xusb21.sys
08:26:06.0852 0684 xusb21 - ok
08:26:06.0883 0684 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:26:06.0898 0684 \Device\Harddisk0\DR0 - ok
08:26:06.0898 0684 Boot (0x1200) (bca67c2de1f8c8e58468c68629c53a4a) \Device\Harddisk0\DR0\Partition0
08:26:06.0898 0684 \Device\Harddisk0\DR0\Partition0 - ok
08:26:06.0898 0684 ============================================================
08:26:06.0898 0684 Scan finished
08:26:06.0898 0684 ============================================================
08:26:06.0898 5076 Detected object count: 0
08:26:06.0898 5076 Actual detected object count: 0
08:26:21.0308 3520 Deinitialize success

aswMBR:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-06 08:27:24
-----------------------------
08:27:24.921 OS Version: Windows 6.1.7600
08:27:24.921 Number of processors: 2 586 0x1706
08:27:24.945 ComputerName: LENOVO-PC UserName:
08:27:25.692 Initialize success
08:28:33.528 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
08:28:33.544 Disk 0 Vendor: HITACHI_HTS723216L9SA60 FC2ZC50A Size: 152627MB BusType: 3
08:28:35.572 Disk 0 MBR read successfully
08:28:35.572 Disk 0 MBR scan
08:28:35.572 Disk 0 Windows 7 default MBR code
08:28:35.587 Disk 0 scanning sectors +312578048
08:28:35.634 Disk 0 scanning C:\Windows\system32\drivers
08:28:41.531 Service scanning
08:28:42.560 Modules scanning
08:28:59.003 Scan finished successfully
08:29:15.040 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
08:29:15.040 The log file has been saved successfully to "C:\aswMBR.txt"

MalwareBytes
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8323

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/6/2011 10:39:33 AM
mbam-log-2011-12-06 (10-39-33).txt

Scan type: Quick scan
Objects scanned: 162866
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL:
OTL logfile created on: 12/6/2011 10:41:23 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\..\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.83% Memory free
3.93 Gb Paging File | 2.74 Gb Available in Paging File | 69.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 70.62 Gb Free Space | 47.85% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: .. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/05 18:17:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
PRC - [2011/10/28 01:51:46 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Windows\Installer\MSI295B.tmp
PRC - [2011/10/24 12:43:40 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/09/16 16:36:04 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/07/21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/07/07 21:37:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/24 10:21:21 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/09/23 13:47:40 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 11:39:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 11:39:26 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/20 16:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/09/22 11:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/19 14:39:58 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\8025a990e7c835f8680dcf9814c48ac8\System.Data.SqlServerCe.ni.dll
MOD - [2011/11/19 14:39:44 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/11/19 14:27:56 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\fd6d00c3c7d56a2e3651769081e8f412\System.EnterpriseServices.ni.dll
MOD - [2011/11/19 14:27:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll
MOD - [2011/11/19 14:27:54 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/11/19 14:27:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/11/19 14:27:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/11/19 14:27:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/11/19 14:27:25 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/11/19 14:27:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/07/07 21:37:13 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 13:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/28 01:51:46 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Windows\Installer\MSI295B.tmp -- (SCPDFReadSpool)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/07/15 11:39:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/01 08:10:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/09/16 16:36:04 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/05 09:49:39 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 11:39:26 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/14 11:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/12/03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 15:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/22 05:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 14:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2008/08/18 10:01:06 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ICDUSB3.sys -- (ICDUSB3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B E5 7E 20 B6 B3 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://yahoo.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\..\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\..\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/17 14:44:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/28 00:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/28 00:28:03 | 000,000,000 | ---D | M]

[2009/12/16 21:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\..\AppData\Roaming\Mozilla\Extensions
[2011/10/02 18:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/09/27 08:42:57 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/03/23 12:52:47 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
[2011/07/14 09:45:31 | 000,000,000 | ---D | M] ("Leapforce - Search Engine Evaluator Toolbar") -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\qrptoolbar@leapforceathome
[2011/07/14 09:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/28 21:37:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/17 14:44:10 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/19 13:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/28 21:36:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 13:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/06 08:20:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\..\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E025592-2AE5-4ABF-A071-19EC78D991B3}: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{779F046B-A5FE-4E62-9A20-2D126295E4F7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 10:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/06 10:35:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/06 10:34:46 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\..\Desktop\mbam-setup-1.51.2.1300(2).exe
[2011/12/06 08:26:45 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\..\Desktop\aswMBR.exe
[2011/12/06 08:25:26 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\..\Desktop\tdsskiller.exe
[2011/12/06 08:22:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/06 08:22:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/06 08:12:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/06 08:12:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/06 08:12:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/06 08:12:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/06 08:12:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/06 08:03:42 | 004,328,480 | R--- | C] (Swearware) -- C:\Users\..\Desktop\ComboFix.exe
[2011/12/06 07:58:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/05 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Malwarebytes
[2011/12/05 18:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/05 18:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/05 18:17:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
[2011/12/03 21:43:57 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\FileZilla
[2011/12/03 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/12/03 21:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/11/22 18:24:17 | 000,000,000 | ---D | C] -- C:\Users\..\.idlerc
[2011/11/22 18:23:11 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2
[2011/11/22 18:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Python
[2011/11/16 21:45:24 | 000,000,000 | ---D | C] -- C:\Users\..\Desktop\Photos
[2011/11/14 22:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/14 13:40:14 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/11/13 14:40:38 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/11/13 14:40:37 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/11/12 13:51:09 | 002,339,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/12 13:47:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/12 13:47:19 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/11/12 13:47:18 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/11/12 13:47:16 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/11/12 13:47:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/12 13:46:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/11/12 13:45:51 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/11/12 13:45:51 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/11/12 13:45:50 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/11/12 13:45:50 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/11/12 13:45:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/11/12 13:45:50 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/11/12 13:45:32 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/11/12 13:45:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/11/12 13:45:17 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/11/12 13:44:59 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/11/12 13:44:58 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/11/12 13:44:58 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/11/12 13:44:58 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/11/12 13:44:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/11/12 13:44:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/11/12 13:44:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/11/12 13:44:26 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/11/12 13:44:26 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/11/12 13:44:26 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/12 13:44:26 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/12 13:44:26 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/12 13:44:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/11/12 13:44:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/11/12 13:44:25 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/12 13:44:23 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/11/12 13:44:20 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/11/12 13:44:20 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/11/12 13:43:42 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/12 13:43:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/11/12 13:43:42 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/12 13:43:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/11/12 13:43:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/11/12 13:43:32 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/11/12 13:43:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/12 13:43:32 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/12 13:43:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/12 13:43:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/12 13:43:31 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/12 13:43:31 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/12 13:43:31 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/12 13:43:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/12 13:43:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/12 13:43:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/12 13:43:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/03 21:08:39 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2011/05/03 21:08:39 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2011/05/03 21:08:39 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2011/05/03 21:08:39 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2011/05/03 21:08:39 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2011/05/03 21:08:39 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2011/05/03 21:08:39 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2011/05/03 21:08:39 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBChcp.dll
[2011/05/03 21:08:39 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2011/05/03 21:08:39 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2011/05/03 21:08:38 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll
[2011/05/03 21:08:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2011/05/03 21:08:38 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2011/05/03 21:08:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2011/05/03 21:08:38 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2011/05/03 21:08:38 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2011/05/03 21:08:38 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2 C:\Users\..\Desktop\*.tmp files -> C:\Users\..\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\..\AppData\Local\*.tmp files -> C:\Users\..\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/06 10:35:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 10:34:50 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\..\Desktop\mbam-setup-1.51.2.1300(2).exe
[2011/12/06 10:33:53 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 10:33:50 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3326556133-3739985109-3996872560-1000UA.job
[2011/12/06 10:33:50 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/06 10:33:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 08:38:46 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 08:38:46 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 08:37:23 | 090,011,552 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/12/06 08:35:38 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/06 08:35:38 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/06 08:31:15 | 1580,748,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 08:29:15 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/06 08:27:16 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\..\Desktop\aswMBR.exe
[2011/12/06 08:25:28 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\..\Desktop\tdsskiller.exe
[2011/12/06 08:20:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/06 08:03:47 | 004,328,480 | R--- | M] (Swearware) -- C:\Users\..\Desktop\ComboFix.exe
[2011/12/05 18:17:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
[2011/12/05 17:59:10 | 001,008,114 | ---- | M] () -- C:\Users\..\Desktop\rkill.com
[2011/12/05 17:36:24 | 000,001,205 | ---- | M] () -- C:\Users\..\Desktop\FixNCR.reg
[2011/12/05 14:18:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3326556133-3739985109-3996872560-1000Core.job
[2011/12/03 22:01:28 | 000,011,308 | ---- | M] () -- C:\Users\..\Desktop\index.html
[2011/12/03 20:35:32 | 000,013,009 | ---- | M] () -- C:\Users\..\.recently-used.xbel
[2011/11/26 22:55:38 | 000,027,376 | ---- | M] () -- C:\Users\..\Desktop\Air.jpg
[2011/11/24 13:33:45 | 000,097,365 | ---- | M] () -- C:\Users\..\Desktop\favorite pic ever.jpg
[2011/11/22 18:38:31 | 000,000,069 | ---- | M] () -- C:\Users\..\Desktop\Hello Word
[2011/11/21 20:13:46 | 000,127,895 | ---- | M] () -- C:\Users\..\Desktop\mid124H.pdf
[2011/11/21 20:13:33 | 000,055,706 | ---- | M] () -- C:\Users\..\Desktop\m124Hmt2-3.jpg
[2011/11/20 13:38:33 | 000,013,742 | ---- | M] () -- C:\Users\..\Desktop\27d8468e719e7991d702afbf69066658.pdf
[2011/11/20 13:38:28 | 000,009,780 | ---- | M] () -- C:\Users\..\Desktop\53b85684d42cdf97e3f6d6bd64c2ec6a.pdf
[2011/11/20 13:38:24 | 000,013,884 | ---- | M] () -- C:\Users\..\Desktop\30cf7ecdc9e1917e36459b0d5ba02b7d.pdf
[2011/11/14 23:06:43 | 000,427,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/12 12:45:58 | 297,068,423 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Users\..\Desktop\*.tmp files -> C:\Users\..\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\..\AppData\Local\*.tmp files -> C:\Users\..\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 10:35:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 08:29:15 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/12/06 08:12:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/06 08:12:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/06 08:12:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/06 08:12:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/06 08:12:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/05 18:00:00 | 001,008,114 | ---- | C] () -- C:\Users\..\Desktop\rkill.com
[2011/12/05 17:40:02 | 000,001,205 | ---- | C] () -- C:\Users\..\Desktop\FixNCR.reg
[2011/12/03 22:01:28 | 000,011,308 | ---- | C] () -- C:\Users\..\Desktop\index.html
[2011/12/03 20:35:32 | 000,013,009 | ---- | C] () -- C:\Users\..\.recently-used.xbel
[2011/11/26 22:55:27 | 000,027,376 | ---- | C] () -- C:\Users\..\Desktop\Air.jpg
[2011/11/24 13:33:42 | 000,097,365 | ---- | C] () -- C:\Users\..\Desktop\favorite pic ever.jpg
[2011/11/22 18:37:37 | 000,000,069 | ---- | C] () -- C:\Users\..\Desktop\Hello Word
[2011/11/21 20:13:46 | 000,127,895 | ---- | C] () -- C:\Users\..\Desktop\mid124H.pdf
[2011/11/21 20:13:28 | 000,055,706 | ---- | C] () -- C:\Users\..\Desktop\m124Hmt2-3.jpg
[2011/11/20 13:38:33 | 000,013,742 | ---- | C] () -- C:\Users\..\Desktop\27d8468e719e7991d702afbf69066658.pdf
[2011/11/20 13:38:28 | 000,009,780 | ---- | C] () -- C:\Users\..\Desktop\53b85684d42cdf97e3f6d6bd64c2ec6a.pdf
[2011/11/20 13:38:24 | 000,013,884 | ---- | C] () -- C:\Users\..\Desktop\30cf7ecdc9e1917e36459b0d5ba02b7d.pdf
[2011/10/28 01:51:51 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011/10/28 01:51:51 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011/10/08 20:51:09 | 000,000,000 | ---- | C] () -- C:\Users\..\AppData\Local\{1ECD72AA-14AF-4ED8-93B4-858BCB1ADECB}
[2011/05/03 21:09:26 | 000,000,140 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/05/03 21:08:39 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2011/05/03 21:08:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBCinst.dll
[2011/05/03 21:08:39 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbcinsb.dll
[2011/05/03 21:08:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2011/05/03 21:07:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2011/05/03 21:07:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2010/11/25 10:27:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/11/25 10:27:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/11/25 10:27:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/11/25 10:27:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/11/25 10:27:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/11/25 10:27:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/11/25 10:27:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/11/25 10:27:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/11/25 10:27:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/11/25 10:27:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/11/25 10:27:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/11/25 10:27:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/11/25 10:27:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/11/25 10:27:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/11/25 10:27:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/11/25 10:27:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/11/25 10:27:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/11/25 10:27:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/11/25 10:27:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/07/07 20:01:00 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/03/30 13:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2010/03/30 11:21:13 | 000,124,264 | ---- | C] () -- C:\Windows\System32\mp3dec.dll
[2010/03/30 11:21:13 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2010/03/30 11:21:13 | 000,010,600 | ---- | C] () -- C:\Windows\System32\IcdSptSvps.dll
[2010/03/02 12:03:43 | 000,006,144 | ---- | C] () -- C:\Users\..\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 11:03:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/02 10:01:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2009/12/02 18:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,427,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/07/13 14:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/07/13 14:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/13 14:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/06/18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

OTL Extras
OTL Extras logfile created on: 12/6/2011 10:41:23 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\..\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.83% Memory free
3.93 Gb Paging File | 2.74 Gb Available in Paging File | 69.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 70.62 Gb Free Space | 47.85% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: .. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFD}" = Python 3.2.2
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF6A778A-02DA-4B2D-82F7-733A467984EC}" = Secure Download Manager
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Photo Printer 720" = Dell Photo Printer 720
"jGRASP" = jGRASP
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.19)" = Mozilla Firefox (3.6.19)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Power Management Driver" = ThinkPad Power Management Driver
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"FileZilla Client" = FileZilla Client 3.5.2
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2011 5:13:34 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:44 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:44 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:44 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:44 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:44 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:44 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:44 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:44 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/4/2011 5:13:45 PM | Computer Name = Lenovo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 8/12/2010 12:41:51 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 9:41:51 PM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 8/13/2010 1:02:54 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:02:54 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 8/13/2010 1:04:03 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:03:42 PM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

Error - 8/13/2010 1:04:59 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:04:38 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
to the remote server)

Error - 8/13/2010 1:05:44 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:05:23 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 8/13/2010 1:06:40 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:06:05 PM - Failed to retrieve SportsSchedule (Error: Unable to
connect to the remote server)

Error - 8/13/2010 1:07:22 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:07:01 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 8/13/2010 1:08:01 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:07:57 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 8/24/2010 10:13:29 PM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 7:13:28 PM - Error connecting to the internet. 7:13:28 PM - Unable
to contact server..

Error - 8/24/2010 10:13:40 PM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 7:13:34 PM - Error connecting to the internet. 7:13:34 PM - Unable
to contact server..

[ System Events ]
Error - 12/16/2010 3:35:14 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/16/2010 3:37:18 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/16/2010 3:37:18 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/16/2010 3:38:43 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016
Description =

Error - 12/16/2010 5:47:26 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/16/2010 10:12:57 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/17/2010 12:59:13 AM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/17/2010 3:01:36 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/17/2010 7:08:15 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/17/2010 8:44:27 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

Edited by xooma3, 08 December 2011 - 11:09 AM.

  • 0

#4
RKinner
Posted 06 December 2011 - 02:39 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall
Java™ 6 Update 24
Java™ SE Development Kit 6 Update 24
Get the latest version from java.com


Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
[2011/03/28 21:37:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Your AVG is obsolete. Let's replace it with the free Avast for now. If you prefer AVG you can download the latest version and uninstall Avast then install AVG after we are done.

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the Avg Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

I think the log file can be found in text form in C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt or perhaps C:\ProgramData\Avast Software\Avast5\report\aswboot.txt. Please copy and paste it into a reply.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. Are you still seeing signs of an infection?

Ron
  • 0

#5
xooma3
Posted 06 December 2011 - 05:52 PM

xooma3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I followed your steps. No major signs of infection. However, my internet is acting strange; I sometimes have to refresh a page multiple times to get it to load, or restart a download in order to get it to load fully. Sometimes it displays a "cannot find server". If I refresh, it usually finds the server.

My computer froze right after I scheduled the avast boot scan, so I had to force it to shut down. However, the boot scan ran upon restart. It found no viruses.

Also, the "sfc /scannow" command ran properly and said my system files were ok.

The logs you asked for are below. I also am going to run Microsoft Security's Scanner (which is what originally found the Pdfjsc.Q virus) on my system again to see what it finds.

update: I ran Microsoft's Security Scanner (full scan) and it found no viruses. Does this mean the Pdfjsc.Q is gone?

Avast log:
12/06/2011 14:08
Scan of all local drives

Number of searched folders: 21008
Number of tested files: 764911
Number of infected files: 0

VEW System log
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 06/12/2011 3:22:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/12/2011 11:09:22 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 06/12/2011 11:08:08 PM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 06/12/2011 11:08:08 PM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/12/2011 11:08:28 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.hsd1.wa.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/12/2011 11:08:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.wa.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/12/2011 11:06:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


VEW Application Log
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 06/12/2011 3:22:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/12/2011 11:06:49 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-3326556133-3739985109-3996872560-1000:
Process 1052 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3326556133-3739985109-3996872560-1000
Process 1052 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3326556133-3739985109-3996872560-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3326556133-3739985109-3996872560-1000\Software\Microsoft\SystemCertificates\trust
Process 1052 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3326556133-3739985109-3996872560-1000\Software\Microsoft\SystemCertificates\Root
Process 1052 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3326556133-3739985109-3996872560-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Edited by xooma3, 06 December 2011 - 07:28 PM.

  • 0

#6
RKinner
Posted 06 December 2011 - 11:00 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Log: 'System' Date/Time: 06/12/2011 11:08:08 PM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 06/12/2011 11:08:08 PM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter


These are caused by Catalyst Control Center which comes along with your video driver. See:
http://www.overclock...ag-driver-crash
so go to your PC maker's website and get the latest video driver for your PC.



Copy the text in the code box:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
mdnsNSP.dll
atikmdag.sys
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#7
xooma3
Posted 07 December 2011 - 04:04 PM

xooma3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for the driver info.

Here are the two logs:

OTL
OTL logfile created on: 12/7/2011 1:42:03 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\..\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 55.06% Memory free
3.93 Gb Paging File | 2.78 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 71.41 Gb Free Space | 48.39% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: .. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/05 18:17:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/28 01:51:46 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Windows\Installer\MSI295B.tmp
PRC - [2011/07/21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/07/07 21:37:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/01/20 16:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbccoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/19 14:39:58 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\8025a990e7c835f8680dcf9814c48ac8\System.Data.SqlServerCe.ni.dll
MOD - [2011/11/19 14:39:44 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/11/19 14:27:56 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\fd6d00c3c7d56a2e3651769081e8f412\System.EnterpriseServices.ni.dll
MOD - [2011/11/19 14:27:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll
MOD - [2011/11/19 14:27:54 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/11/19 14:27:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/11/19 14:27:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/11/19 14:27:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/11/19 14:27:25 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/11/19 14:27:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/10/02 18:10:15 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/07 21:37:13 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 13:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/28 01:51:46 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Windows\Installer\MSI295B.tmp -- (SCPDFReadSpool)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/01 08:10:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/02/07 15:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/14 11:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/12/03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 15:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/22 05:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 14:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2008/08/18 10:01:06 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ICDUSB3.sys -- (ICDUSB3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B E5 7E 20 B6 B3 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://yahoo.com"
FF - prefs.js..extensions.enabledItems: {f035aa18-ee32-4e6e-81d2-57e32867f8a7}:1.18
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: qrptoolbar@leapforceathome:1.80
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.23
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.7


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\..\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\..\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/28 00:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/28 00:28:03 | 000,000,000 | ---D | M]

[2009/12/16 21:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\..\AppData\Roaming\Mozilla\Extensions
[2011/12/06 17:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/09/27 08:42:57 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/03/23 12:52:47 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2011/03/29 17:07:35 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
[2011/07/14 09:45:31 | 000,000,000 | ---D | M] ("Leapforce - Search Engine Evaluator Toolbar") -- C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\od331n4u.default\extensions\qrptoolbar@leapforceathome
[2011/12/06 17:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/06 17:41:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/19 13:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/12/06 17:41:36 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 13:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\..\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\..\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\

O1 HOSTS File: ([2011/12/06 08:20:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\..\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E025592-2AE5-4ABF-A071-19EC78D991B3}: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{779F046B-A5FE-4E62-9A20-2D126295E4F7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 17:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/06 17:41:44 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/12/06 17:41:44 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/12/06 17:41:44 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/12/06 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/06 17:30:53 | 000,000,000 | ---D | C] -- C:\Users\..\Desktop\Malware Removal
[2011/12/06 13:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/06 13:55:42 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/06 13:55:41 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/12/06 13:55:33 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/12/06 13:55:30 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/12/06 13:55:29 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/06 13:55:24 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/06 13:55:07 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/12/06 13:55:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/06 13:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/06 13:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/06 10:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/06 10:35:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/06 08:22:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/06 08:22:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/06 08:12:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/06 08:12:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/06 08:12:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/06 08:12:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/06 08:12:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/06 07:58:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/05 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Malwarebytes
[2011/12/05 18:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/05 18:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/05 18:17:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
[2011/12/03 21:43:57 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\FileZilla
[2011/12/03 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/12/03 21:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/11/22 18:24:17 | 000,000,000 | ---D | C] -- C:\Users\..\.idlerc
[2011/11/22 18:23:11 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2
[2011/11/22 18:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Python
[2011/11/16 21:45:24 | 000,000,000 | ---D | C] -- C:\Users\..\Desktop\Photos
[2011/11/14 22:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/14 13:40:14 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/11/13 14:40:38 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/11/13 14:40:37 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/11/12 13:51:09 | 002,339,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/12 13:47:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/12 13:47:19 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/11/12 13:47:18 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/11/12 13:47:16 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/11/12 13:47:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/12 13:46:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/11/12 13:45:51 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/11/12 13:45:51 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/11/12 13:45:50 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/11/12 13:45:50 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/11/12 13:45:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/11/12 13:45:50 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/11/12 13:45:32 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/11/12 13:45:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/11/12 13:45:17 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/11/12 13:44:59 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/11/12 13:44:58 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/11/12 13:44:58 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/11/12 13:44:58 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/11/12 13:44:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/11/12 13:44:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/11/12 13:44:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/11/12 13:44:26 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/11/12 13:44:26 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/11/12 13:44:26 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/12 13:44:26 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/12 13:44:26 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/12 13:44:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/11/12 13:44:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/11/12 13:44:25 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/12 13:44:23 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/11/12 13:44:20 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/11/12 13:44:20 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/11/12 13:43:42 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/12 13:43:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/11/12 13:43:42 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/12 13:43:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/11/12 13:43:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/11/12 13:43:32 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/11/12 13:43:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/12 13:43:32 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/12 13:43:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/12 13:43:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/12 13:43:31 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/12 13:43:31 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/12 13:43:31 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/12 13:43:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/12 13:43:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/12 13:43:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/12 13:43:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/03 21:08:39 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2011/05/03 21:08:39 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2011/05/03 21:08:39 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2011/05/03 21:08:39 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2011/05/03 21:08:39 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2011/05/03 21:08:39 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2011/05/03 21:08:39 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2011/05/03 21:08:39 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBChcp.dll
[2011/05/03 21:08:39 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2011/05/03 21:08:39 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2011/05/03 21:08:38 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll
[2011/05/03 21:08:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2011/05/03 21:08:38 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbccoms.exe
[2011/05/03 21:08:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2011/05/03 21:08:38 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbcih.exe
[2011/05/03 21:08:38 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbccfg.exe
[2011/05/03 21:08:38 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2 C:\Users\..\Desktop\*.tmp files -> C:\Users\..\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\..\AppData\Local\*.tmp files -> C:\Users\..\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/07 13:32:48 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3326556133-3739985109-3996872560-1000UA.job
[2011/12/07 13:32:48 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/07 13:32:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 17:41:34 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/12/06 17:41:34 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/12/06 17:41:34 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/12/06 17:41:33 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/12/06 15:15:32 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 15:15:32 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 15:14:11 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/06 15:14:11 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/06 15:09:22 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 15:07:40 | 1580,748,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 13:55:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/06 08:29:15 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/06 08:20:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/05 18:17:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
[2011/12/05 14:18:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3326556133-3739985109-3996872560-1000Core.job
[2011/12/03 20:35:32 | 000,013,009 | ---- | M] () -- C:\Users\..\.recently-used.xbel
[2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 10:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/24 13:33:45 | 000,097,365 | ---- | M] () -- C:\Users\..\Desktop\favorite pic ever.jpg
[2011/11/14 23:06:43 | 000,427,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/12 12:45:58 | 297,068,423 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Users\..\Desktop\*.tmp files -> C:\Users\..\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\..\AppData\Local\*.tmp files -> C:\Users\..\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 08:29:15 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/12/06 08:12:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/06 08:12:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/06 08:12:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/06 08:12:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/06 08:12:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/03 20:35:32 | 000,013,009 | ---- | C] () -- C:\Users\..\.recently-used.xbel
[2011/11/24 13:33:42 | 000,097,365 | ---- | C] () -- C:\Users\..\Desktop\favorite pic ever.jpg
[2011/10/28 01:51:51 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011/10/28 01:51:51 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011/10/08 20:51:09 | 000,000,000 | ---- | C] () -- C:\Users\..\AppData\Local\{1ECD72AA-14AF-4ED8-93B4-858BCB1ADECB}
[2011/05/03 21:09:26 | 000,000,140 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/05/03 21:08:39 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2011/05/03 21:08:39 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBCinst.dll
[2011/05/03 21:08:39 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbcinsb.dll
[2011/05/03 21:08:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2011/05/03 21:07:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll
[2011/05/03 21:07:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2010/11/25 10:27:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/11/25 10:27:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/11/25 10:27:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/11/25 10:27:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/11/25 10:27:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/11/25 10:27:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/11/25 10:27:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/11/25 10:27:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/11/25 10:27:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/11/25 10:27:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/11/25 10:27:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/11/25 10:27:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/11/25 10:27:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/11/25 10:27:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/11/25 10:27:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/11/25 10:27:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/11/25 10:27:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/11/25 10:27:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/11/25 10:27:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/07/07 20:01:00 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/03/30 13:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2010/03/30 11:21:13 | 000,124,264 | ---- | C] () -- C:\Windows\System32\mp3dec.dll
[2010/03/30 11:21:13 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2010/03/30 11:21:13 | 000,010,600 | ---- | C] () -- C:\Windows\System32\IcdSptSvps.dll
[2010/03/02 12:03:43 | 000,006,144 | ---- | C] () -- C:\Users\..\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 11:03:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/02 10:01:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2009/12/02 18:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,427,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/07/13 14:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/07/13 14:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/13 14:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/06/18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/12/06 08:29:15 | 000,000,993 | ---- | M] () -- C:\aswMBR.txt
[2009/06/10 13:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/16 21:14:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/12/06 08:22:56 | 000,012,856 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 13:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/12/06 15:07:40 | 1580,748,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 10:40:01 | 000,000,887 | ---- | M] () -- C:\mbam-log-2011-12-06 (10-39-33).txt
[2011/12/06 08:29:15 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2010/02/02 10:02:27 | 000,022,608 | ---- | M] () -- C:\P1005.log
[2011/12/06 15:07:44 | 2107,666,432 | -HS- | M] () -- C:\pagefile.sys
[2011/12/05 18:03:19 | 000,000,414 | ---- | M] () -- C:\rkill.log
[2011/12/06 08:26:21 | 000,081,424 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_06.12.2011_08.25.45_log.txt
[2011/12/06 15:22:50 | 000,001,852 | ---- | M] () -- C:\VEW.txt
[2011/12/06 15:23:24 | 000,001,852 | ---- | M] () -- C:\VEW_Application.txt
[2011/12/06 15:22:34 | 000,001,945 | ---- | M] () -- C:\VEW_System.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 20:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 20:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 20:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 20:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/01/31 21:11:52 | 000,102,400 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\dlbcpp5c.dll
[2009/09/22 11:50:36 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\Windows\system32\spool\prtprocs\w32x86\HP1006S.DLL
[2009/07/13 17:15:25 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfppw73.dll
[2009/07/13 17:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/13 17:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 17:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/10/02 10:28:21 | 000,001,718 | -HS- | M] () -- C:\Users\..\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-19 17:49:46


< MD5 for: ATIKMDAG.SYS >
[2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) MD5=04F09923A393E4E0E8453A8F78361E73 -- C:\Windows\System32\drivers\atikmdag.sys
[2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) MD5=04F09923A393E4E0E8453A8F78361E73 -- C:\Windows\System32\DriverStore\FileRepository\cl_87324.inf_x86_neutral_b52c10eae430a1c8\B_86988\atikmdag.sys
[2009/07/13 14:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) MD5=712D8A95E45B070114C5309ADA7358FF -- C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_x86_neutral_7d512c02e72ebd25\atikmdag.sys
[2009/07/13 14:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) MD5=712D8A95E45B070114C5309ADA7358FF -- C:\Windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_a574bbd4a69c292d\atikmdag.sys
[2009/07/13 14:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) MD5=712D8A95E45B070114C5309ADA7358FF -- C:\Windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7601.17514_none_a7a5cf9ca38aacc7\atikmdag.sys

< MD5 for: BEEP.SYS >
[2009/07/13 15:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys
[2009/07/13 15:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009/07/13 15:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

< MD5 for: CONNECT.DLL >
[2009/07/13 17:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\System32\connect.dll
[2009/07/13 17:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.1.7600.16385_none_64e4e40af80e0f24\connect.dll

< MD5 for: MDNSNSP.DLL >
[2010/05/18 15:35:14 | 000,152,864 | ---- | M] (Apple Inc.) MD5=E19A4040E79BE0AACA971117378F7F2B -- C:\Program Files\Bonjour\mdnsNSP.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 17:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/07/13 17:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll
[2009/07/13 17:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 04:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2010/11/20 04:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_401c514f83c9df99\netcfgx.dll
[2009/07/13 17:16:02 | 000,403,456 | ---- | M] (Microsoft Corporation) MD5=C5B5CCDBF8ED1475240313ED88234E3F -- C:\Windows\System32\netcfgx.dll
[2009/07/13 17:16:02 | 000,403,456 | ---- | M] (Microsoft Corporation) MD5=C5B5CCDBF8ED1475240313ED88234E3F -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7600.16385_none_3deb3d8786db5bff\netcfgx.dll

< MD5 for: NETMAN.DLL >
[2009/07/13 17:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\ERDNT\cache\netman.dll
[2009/07/13 17:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/13 17:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: NETSHELL.DLL >
[2010/11/20 04:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_d78ad4be6c4ce238\netshell.dll
[2009/07/13 17:16:03 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=F7611E0F05B4EB272102CA9883CA98A7 -- C:\Windows\System32\netshell.dll
[2009/07/13 17:16:03 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=F7611E0F05B4EB272102CA9883CA98A7 -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7600.16385_none_d559c0f66f5e5e9e\netshell.dll

< End of report >

OTL Extras

OTL Extras logfile created on: 12/7/2011 1:42:03 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\..\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 55.06% Memory free
3.93 Gb Paging File | 2.78 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 71.41 Gb Free Space | 48.39% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: .. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{32A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java™ SE Development Kit 7 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFD}" = Python 3.2.2
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF6A778A-02DA-4B2D-82F7-733A467984EC}" = Secure Download Manager
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"avast" = avast! Free Antivirus
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Photo Printer 720" = Dell Photo Printer 720
"jGRASP" = jGRASP
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.19)" = Mozilla Firefox (3.6.19)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Power Management Driver" = ThinkPad Power Management Driver
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"FileZilla Client" = FileZilla Client 3.5.2
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2011 1:15:03 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1498

Error - 12/7/2011 5:32:43 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/7/2011 5:32:43 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15462352

Error - 12/7/2011 5:32:43 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15462352

Error - 12/7/2011 5:32:45 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/7/2011 5:32:45 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15463693

Error - 12/7/2011 5:32:45 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15463693

Error - 12/7/2011 5:32:46 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/7/2011 5:32:46 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15464692

Error - 12/7/2011 5:32:46 PM | Computer Name = Lenovo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15464692

[ Media Center Events ]
Error - 8/12/2010 12:41:51 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 9:41:51 PM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 8/13/2010 1:02:54 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:02:54 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 8/13/2010 1:04:03 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:03:42 PM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

Error - 8/13/2010 1:04:59 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:04:38 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
to the remote server)

Error - 8/13/2010 1:05:44 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:05:23 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 8/13/2010 1:06:40 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:06:05 PM - Failed to retrieve SportsSchedule (Error: Unable to
connect to the remote server)

Error - 8/13/2010 1:07:22 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:07:01 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 8/13/2010 1:08:01 AM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 10:07:57 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 8/24/2010 10:13:29 PM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 7:13:28 PM - Error connecting to the internet. 7:13:28 PM - Unable
to contact server..

Error - 8/24/2010 10:13:40 PM | Computer Name = Lenovo-PC | Source = MCUpdate | ID = 0
Description = 7:13:34 PM - Error connecting to the internet. 7:13:34 PM - Unable
to contact server..

[ System Events ]
Error - 12/6/2011 7:08:08 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/6/2011 7:08:08 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/6/2011 7:09:22 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016
Description =

Error - 12/7/2011 1:11:21 PM | Computer Name = Lenovo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (60000 milliseconds) was reached while waiting for a transaction
response from the PlugPlay service.

Error - 12/7/2011 1:11:24 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/7/2011 5:32:43 PM | Computer Name = Lenovo-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

Edited by xooma3, 08 December 2011 - 11:12 AM.

  • 0

#8
RKinner
Posted 07 December 2011 - 06:10 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Adobe Reader 9.2 still needs to be removed and updated. Other than that I think the malware is gone.

Your ATIKMDAG.SYS file is legit but is from 2009/08/18 so hopefully there is a newer version out there.

I think that's all I can do for you.


We need to cleanup System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
xooma3
Posted 08 December 2011 - 01:01 AM

xooma3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ron, thank you very much for all your help!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP