Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Open with Virus? [Solved]

Started by Grundy125 , Dec 09 2011 12:26 PM

  • This topic is locked This topic is locked

#1
Grundy125
Posted 09 December 2011 - 12:26 PM

Grundy125

    Member

  • Member
  • PipPip
  • 13 posts
I just did a system restore from a problem that I had before, now my PC keeps asking me to OPEN WITH every program, but I can run most of them by using Run As Administrator. Looking for some help.

I am wondering on exactly what to do, I already have posted the Fix.reg file from a previous topic I saw posted here. Not too computer savvy although I know my way around most of it.

The Fix.reg file I used contains the following:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

Edited by Grundy125, 09 December 2011 - 12:27 PM.

  • 0

Advertisements

#2
Grundy125
Posted 09 December 2011 - 03:09 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I just did a system restore from a problem that I had before, now my PC keeps asking me to OPEN WITH every program, but I can run most of them by using Run As Administrator. Looking for some help.

I am wondering on exactly what to do, I already have posted the Fix.reg file from a previous topic I saw posted here. Not too computer savvy although I know my way around most of it.

The Fix.reg file I used contains the following:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"



Also, I did a scan on MBAM and the scan brought up this log. No action was taken quite yet though, as I didn't know exactly what to do

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8344

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/9/2011 2:05:48 PM
mbam-log-2011-12-09 (14-05-41).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 550968
Time elapsed: 2 hour(s), 33 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> No action taken.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\frankizzle\AppData\Local\Temp\0.9777984563495077.exe (Trojan.Agent) -> No action taken.
c:\Users\frankizzle\AppData\LocalLow\Sun\Java\deployment\cache\6.0\12\3aaff1cc-299e0aa6 (Trojan.FakeAlert) -> No action taken.
  • 0

#3
Grundy125
Posted 09 December 2011 - 04:20 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
This is the log after I did the removal with MBAM.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8344

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/9/2011 3:13:41 PM
mbam-log-2011-12-09 (15-13-41).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 550968
Time elapsed: 2 hour(s), 33 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\frankizzle\AppData\Local\Temp\0.9777984563495077.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\frankizzle\AppData\LocalLow\Sun\Java\deployment\cache\6.0\12\3aaff1cc-299e0aa6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

#4
Dakeyras
Posted 13 December 2011 - 05:40 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.
Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • SecurityCheck Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#5
Grundy125
Posted 14 December 2011 - 06:33 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
SecurityCheck



Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java version out of date!
Adobe Flash Player ( 10.2.159.1) Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox ((3.6.18)) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
  • 0

#6
Grundy125
Posted 14 December 2011 - 06:44 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL logfile created on: 12/14/2011 5:25:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Frankizzle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.51% Memory free
7.60 Gb Paging File | 5.15 Gb Available in Paging File | 67.71% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.90 Gb Total Space | 161.35 Gb Free Space | 35.63% Space Free | Partition Type: NTFS
Drive D: | 12.56 Gb Total Space | 2.09 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 94.93 Mb Free Space | 95.87% Space Free | Partition Type: FAT32

Computer Name: SARMIS-PC | User Name: Frankizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Frankizzle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Frankizzle\Desktop\SecurityCheck.exe ()
PRC - C:\Users\Frankizzle\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Users\Frankizzle\Desktop\SecurityCheck.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c523aa7f545394a1ed7f9a6358cf18e3\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\92422bb40324d57ccd11c1cd9d50d8cf\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\64ef7169e1266b6a98131b82bddd234b\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()
MOD - C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()
MOD - C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()
MOD - C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()
MOD - C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Logging\1.0.0.0__a5a013d267b3a679\HP.SupportFramework.Logging.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Communicator\1.0.0.0__370cd15173f7ac8f\HP.SupportFramework.Communicator.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.ServiceManager\6.0.1.1__afd7346f05a57c11\HP.SupportAssistant.ServiceManager.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Localization\6.0.1.1__a2352a4c73e11587\HP.SupportAssistant.Localization.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Engine\6.0.1.1__e1eab6ede003577a\HP.SupportAssistant.Engine.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportAssistant.Common\6.0.1.1__41bdec5abf54f6dc\HP.SupportAssistant.Common.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (RtVOsdService) -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll ()
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtlisten) -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys (Beceem communications pvt ltd.)
DRV:64bit: - (bcm) -- C:\Windows\SysNative\drivers\drxvi314_64.sys (Beceem communications pvt ltd.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (skfiltv) -- C:\Windows\SysNative\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {cac9d76b-2b7f-4f42-918f-3470a847f562}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.6.0.10
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Frankizzle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Frankizzle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/10 14:51:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 14:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 14:52:17 | 000,000,000 | ---D | M]

[2010/09/15 18:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankizzle\AppData\Roaming\Mozilla\Extensions
[2011/11/16 12:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankizzle\AppData\Roaming\Mozilla\Firefox\Profiles\gvcmbq4a.default\extensions
[2011/11/10 14:53:33 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Frankizzle\AppData\Roaming\Mozilla\Firefox\Profiles\gvcmbq4a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/11/10 14:53:33 | 000,000,000 | ---D | M] (Dawn of the Dragons Community Toolbar) -- C:\Users\Frankizzle\AppData\Roaming\Mozilla\Firefox\Profiles\gvcmbq4a.default\extensions\{cac9d76b-2b7f-4f42-918f-3470a847f562}
[2011/11/10 14:53:33 | 000,000,000 | ---D | M] ("Alii Motion Control API") -- C:\Users\Frankizzle\AppData\Roaming\Mozilla\Firefox\Profiles\gvcmbq4a.default\extensions\[email protected]
[2011/11/16 12:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/10 14:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/11/10 14:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/10 14:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/11/10 14:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/10 14:51:38 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/19 07:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/15 16:09:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003..\Run: [Akamai NetSession Interface] C:\Users\Frankizzle\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003..\Run: [o1ukzqo4hy] C:\Users\Frankizzle\o1ukzqo4hy.exe File not found
O4 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003..\Run: [SODCPreLoad] C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe ()
O4 - Startup: C:\Users\Frankizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Sarmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E68D44B-8E3B-4ED6-8BD0-3048442ECC38}: DhcpNameServer = 64.13.115.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201E781D-CCC7-45C5-96C9-28B361E2DE63}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{526AE3DB-ADC9-48DF-85B3-262AC76068AB}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:100 /RA:delete /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\Alwil Software\Avast5")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3563102425-2883529743-1239242865-1003\...exe [@ = 1I8] -- "C:\Users\Frankizzle\AppData\Local\faf.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 17:11:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Frankizzle\Desktop\OTL.exe
[2011/12/10 08:35:33 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\Desktop\Virus stuffs
[2011/11/28 23:05:18 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{2D61CADD-7AD3-4FC9-8B16-6E4D4FD2AB58}
[2011/11/28 23:05:03 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{ED623B59-76A6-49D6-90B1-E50BEC37E567}
[2011/11/26 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{452D94FB-DA16-442C-A633-7F59D63B9438}
[2011/11/26 19:04:59 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{980546A7-E938-4464-8401-65A00227D70C}
[2011/11/18 21:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/11/18 21:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2011/11/18 21:27:19 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eternal-WoW!
[2011/11/17 10:09:31 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/11/17 10:09:31 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/11/17 10:09:30 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/11/17 10:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/11/15 23:17:15 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{392974F3-B382-4F9F-82B3-31898E0F86A4}
[2011/11/15 23:16:56 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{E0E47CE6-3479-4671-BF91-9D81A2C65954}
[2011/11/15 23:16:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/15 22:53:36 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{7CC4A514-3DA0-4128-B268-85B18ED66A0F}
[2011/11/15 17:29:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/15 17:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/15 16:11:20 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{6EA78ABE-79FC-422A-BDC7-2823196706F1}
[2011/11/15 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{D9FF1820-1D99-46C9-84C8-2E2F27FBAA9D}
[2011/11/15 16:06:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/15 15:19:15 | 000,000,000 | ---D | C] -- C:\Combo-Fix9144C
[2011/11/15 14:16:16 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{FB6C5C88-AA25-4ACD-AD66-48F9FF040E3E}
[2011/11/15 12:45:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/15 12:45:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/15 12:45:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/15 12:44:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/15 12:44:22 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2011/11/15 12:41:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/15 11:36:54 | 000,000,000 | ---D | C] -- C:\Users\Frankizzle\AppData\Local\{5425FDA0-682E-4493-8831-C0E15B0B4F6A}
[2011/03/17 06:33:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Frankizzle\AppData\Roaming\pcouffin.sys
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 17:11:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Frankizzle\Desktop\OTL.exe
[2011/12/14 17:10:07 | 000,879,649 | ---- | M] () -- C:\Users\Frankizzle\Desktop\SecurityCheck.exe
[2011/12/14 16:50:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/14 16:39:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3563102425-2883529743-1239242865-1003UA.job
[2011/12/14 16:39:04 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3563102425-2883529743-1239242865-1003Core.job
[2011/12/14 16:36:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/12 21:05:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 21:05:15 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 20:57:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/12 18:31:43 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/12 17:52:11 | 000,008,458 | -HS- | M] () -- C:\Users\Frankizzle\AppData\Local\8eg5f05xlw3y02nepkh1213el776ogl54f8m
[2011/12/12 17:52:11 | 000,008,458 | -HS- | M] () -- C:\ProgramData\8eg5f05xlw3y02nepkh1213el776ogl54f8m
[2011/12/09 11:11:42 | 000,792,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/09 11:11:42 | 000,669,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/09 11:11:42 | 000,125,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/09 11:05:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/09 10:41:20 | 000,008,714 | -HS- | M] () -- C:\Users\Frankizzle\AppData\Local\p166uhu384014606b2721sav15b2e
[2011/12/09 10:41:20 | 000,008,714 | -HS- | M] () -- C:\ProgramData\p166uhu384014606b2721sav15b2e
[2011/11/24 22:50:36 | 000,000,000 | ---- | M] () -- C:\Users\Frankizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/11/24 21:01:46 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrankizzle.job
[2011/11/20 13:41:59 | 000,002,451 | ---- | M] () -- C:\Users\Frankizzle\Desktop\Google Chrome.lnk
[2011/11/18 23:09:26 | 000,786,870 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/17 09:38:00 | 000,000,216 | ---- | M] () -- C:\Users\Frankizzle\AppData\Roaming\wklnhst.dat
[2011/11/15 16:09:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 17:10:17 | 000,879,649 | ---- | C] () -- C:\Users\Frankizzle\Desktop\SecurityCheck.exe
[2011/12/14 16:19:25 | 000,000,312 | ---- | C] () -- C:\Users\Frankizzle\Desktop\Curse Client.appref-ms
[2011/12/10 22:40:51 | 000,008,458 | -HS- | C] () -- C:\Users\Frankizzle\AppData\Local\8eg5f05xlw3y02nepkh1213el776ogl54f8m
[2011/12/10 22:40:51 | 000,008,458 | -HS- | C] () -- C:\ProgramData\8eg5f05xlw3y02nepkh1213el776ogl54f8m
[2011/12/09 10:39:10 | 000,008,714 | -HS- | C] () -- C:\Users\Frankizzle\AppData\Local\p166uhu384014606b2721sav15b2e
[2011/12/09 10:39:10 | 000,008,714 | -HS- | C] () -- C:\ProgramData\p166uhu384014606b2721sav15b2e
[2011/11/24 22:50:36 | 000,000,000 | ---- | C] () -- C:\Users\Frankizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/11/15 12:45:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/15 12:45:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/15 12:45:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/15 12:45:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/15 12:45:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/10 10:01:12 | 000,000,448 | -H-- | C] () -- C:\ProgramData\LndY1RH8YFsHa5
[2011/08/31 18:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 18:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/08/31 18:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/07/13 06:31:48 | 000,000,216 | ---- | C] () -- C:\Users\Frankizzle\AppData\Roaming\wklnhst.dat
[2011/06/29 17:12:25 | 000,001,854 | ---- | C] () -- C:\Users\Frankizzle\AppData\Roaming\GhostObjGAFix.xml
[2011/04/20 10:51:52 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/04/17 12:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/03/17 06:33:36 | 000,007,859 | ---- | C] () -- C:\Users\Frankizzle\AppData\Roaming\pcouffin.cat
[2011/03/17 06:33:36 | 000,001,167 | ---- | C] () -- C:\Users\Frankizzle\AppData\Roaming\pcouffin.inf
[2011/03/03 06:55:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/30 09:19:33 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/11/12 12:51:38 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/04 23:16:10 | 000,150,876 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/22 19:08:48 | 000,000,004 | ---- | C] () -- C:\Windows\ppGameDrive.ini
[2010/10/22 19:08:39 | 000,000,017 | ---- | C] () -- C:\Windows\LastXPSetupSMenu.ini
[2010/09/17 22:30:20 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/17 22:30:19 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/16 12:24:09 | 000,000,098 | ---- | C] () -- C:\Users\Frankizzle\AppData\Local\fusioncache.dat
[2010/09/16 12:22:03 | 000,786,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/15 18:16:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/31 07:19:31 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/06/19 22:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/06/18 09:25:37 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/06/18 09:25:37 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/06/18 09:25:37 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/06/18 09:25:37 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/06/18 09:25:37 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/06/18 09:25:37 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/06/18 09:25:37 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/06/18 09:25:37 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/06/18 09:25:37 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/06/18 09:25:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/06/18 09:25:37 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/06/18 09:25:37 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/06/18 09:25:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/06/18 09:25:37 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/06/18 09:25:37 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/06/18 09:25:37 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/05/21 19:37:28 | 000,000,091 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/02/11 02:22:21 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/02/11 02:22:21 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/09/19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2007/03/04 12:30:28 | 000,039,060 | -H-- | C] () -- C:\Program Files (x86)\Buffering2.jpg
[2007/03/04 12:30:28 | 000,039,047 | -H-- | C] () -- C:\Program Files (x86)\Buffering5.jpg
[2007/03/04 12:30:28 | 000,039,040 | -H-- | C] () -- C:\Program Files (x86)\Buffering1.jpg
[2007/03/04 12:30:28 | 000,039,038 | -H-- | C] () -- C:\Program Files (x86)\Buffering6.jpg
[2007/03/04 12:30:28 | 000,039,035 | -H-- | C] () -- C:\Program Files (x86)\Buffering4.jpg
[2007/03/04 12:30:28 | 000,039,033 | -H-- | C] () -- C:\Program Files (x86)\Buffering3.jpg
[2007/03/04 12:30:28 | 000,039,020 | -H-- | C] () -- C:\Program Files (x86)\Buffering7.jpg
[2003/11/20 07:09:09 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\CNCS232.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:C07A6A6B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BEB15613

< End of report >
  • 0

#7
Grundy125
Posted 14 December 2011 - 11:04 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I still have a search engine redirect and a Win 7 Security Alert virus. I still have an OpenWith type virus and everything. Google Chrom only opens up in INCOGNITO mode.
  • 0

#8
Dakeyras
Posted 15 December 2011 - 04:17 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I still have a search engine redirect and a Win 7 Security Alert virus. I still have an OpenWith type virus and everything. Google Chrom only opens up in INCOGNITO mode.

OK and thanks for the update...

I see you have run some specific Anti-Malware tools, namely ComboFix, my friendly advice do not run/use such powerful applications unless via trained supervision as the very distinct chance if deployed incorrectly it could render a machine unbootible.

Now if the log is available for the aforementioned I would like to review that before we proceed any further.
  • 0

#9
Grundy125
Posted 15 December 2011 - 09:39 AM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The ComboFix I did hasn't been used since 11/15/2011, I was browsing some forums and found it there as a recommended fix for something that didn't necessarily fix anything.



ComboFix 11-11-15.06 - Frankizzle 11/15/2011 15:29:09.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2258 [GMT -7:00]
Running from: c:\users\Frankizzle\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Frankizzle\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 23:11 . 2011-11-15 23:11 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3EBE777-7BCE-4827-864A-45D0CF6DEE64}\offreg.dll
2011-11-15 23:06 . 2011-11-15 23:08 -------- d-----w- c:\users\Sarmi\AppData\Local\temp
2011-11-15 23:06 . 2011-11-15 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-15 23:06 . 2011-11-15 23:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-15 19:44 . 2011-11-15 21:52 -------- d-----w- C:\Combo-Fix
2011-11-12 17:59 . 2011-11-12 17:59 -------- d-----w- c:\programdata\WinZip
2011-11-11 21:38 . 2011-11-11 21:38 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-11-11 21:38 . 2011-11-15 18:37 -------- d-----w- c:\programdata\Spyware Terminator
2011-11-11 21:38 . 2011-11-11 21:38 -------- d-----w- c:\users\Frankizzle\AppData\Roaming\Spyware Terminator
2011-11-11 21:37 . 2011-11-11 21:38 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-11-11 21:34 . 2011-11-11 21:34 -------- d-----w- c:\program files (x86)\Bazooka Scanner
2011-11-11 01:46 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-11 01:46 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-10 21:07 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3EBE777-7BCE-4827-864A-45D0CF6DEE64}\mpengine.dll
2011-11-10 21:02 . 2011-11-12 04:37 -------- d-----w- c:\users\Frankizzle\AppData\Local\Akamai
2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\users\Frankizzle\AppData\Roaming\Malwarebytes
2011-11-10 17:21 . 2011-11-10 17:21 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 17:21 . 2011-11-12 01:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-03 14:38 . 2011-11-03 14:38 -------- d-----w- c:\program files (x86)\Cisco Systems
2011-11-03 14:34 . 2011-11-10 21:46 -------- d-----w- c:\programdata\Cisco Systems
2011-10-19 23:33 . 2011-10-19 23:32 318000 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-10-19 23:33 . 2011-10-19 23:32 214824 ----a-w- c:\windows\system32\SET973E.tmp
2011-10-19 23:33 . 2011-10-19 23:32 147752 ----a-w- c:\windows\system32\SET9E81.tmp
2011-10-19 23:33 . 2011-10-19 23:32 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2011-10-19 23:33 . 2011-10-19 23:32 396584 ----a-w- c:\windows\system32\SET979C.tmp
2011-10-19 23:33 . 2011-10-19 23:32 265000 ----a-w- c:\windows\system32\SynCtrl.dll
2011-10-19 23:33 . 2011-10-19 23:32 210216 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2011-10-19 23:33 . 2011-10-19 23:32 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2011-10-19 23:32 . 2011-10-19 23:31 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-10-19 23:32 . 2011-10-19 23:31 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2011-10-19 23:32 . 2011-10-19 23:31 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2011-10-19 23:32 . 2011-10-19 23:31 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-10-19 23:32 . 2011-10-19 23:31 149608 ----a-w- c:\windows\system32\SETD596.tmp
2011-10-19 23:32 . 2011-10-19 23:31 2625640 ----a-w- c:\windows\system32\SETD2C3.tmp
2011-10-19 23:32 . 2011-10-19 23:31 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2011-10-19 23:32 . 2011-10-19 23:31 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2011-10-19 23:32 . 2011-10-19 23:30 80488 ----a-w- c:\windows\system32\SETD5E5.tmp
2011-10-19 23:32 . 2009-12-16 19:40 1632256 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-10-19 23:31 . 2011-10-19 23:30 200800 ----a-w- c:\windows\system32\AERTAC64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 23:30 . 2010-02-11 09:24 1251944 ----a-w- c:\windows\RtlExUpd.dll
2011-10-06 21:34 . 2011-10-06 21:34 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-06 21:34 . 2011-10-06 21:34 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-06 21:34 . 2011-10-06 21:34 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-06 21:34 . 2011-10-06 21:34 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-06 21:34 . 2011-10-06 21:34 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-06 21:34 . 2011-10-06 21:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-06 21:34 . 2011-10-06 21:34 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-06 21:34 . 2011-10-06 21:34 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-06 21:34 . 2011-10-06 21:34 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-06 21:34 . 2011-10-06 21:34 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-06 21:34 . 2011-10-06 21:34 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-06 21:34 . 2011-10-06 21:34 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-10-06 21:34 . 2011-10-06 21:34 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-06 21:34 . 2011-10-06 21:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-06 21:34 . 2011-10-06 21:34 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-06 21:34 . 2011-10-06 21:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-06 21:34 . 2011-10-06 21:34 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-06 21:34 . 2011-10-06 21:34 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-06 21:34 . 2011-10-06 21:34 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-06 21:34 . 2011-10-06 21:34 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-06 21:34 . 2011-10-06 21:34 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-06 21:34 . 2011-10-06 21:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-06 21:34 . 2011-10-06 21:34 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-06 21:34 . 2011-10-06 21:34 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-06 21:34 . 2011-10-06 21:34 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-06 21:34 . 2011-10-06 21:34 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-06 21:34 . 2011-10-06 21:34 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-06 21:34 . 2011-10-06 21:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-06 21:34 . 2011-10-06 21:34 448512 ----a-w- c:\windows\system32\html.iec
2011-10-06 21:34 . 2011-10-06 21:34 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-06 21:34 . 2011-10-06 21:34 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-06 21:34 . 2011-10-06 21:34 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-06 21:34 . 2011-10-06 21:34 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-06 21:34 . 2011-10-06 21:34 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-06 21:34 . 2011-10-06 21:34 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-06 21:34 . 2011-10-06 21:34 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-06 21:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-06 21:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-06 21:45 . 2010-10-11 18:48 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 21:45 . 2010-06-13 23:05 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 21:38 . 2010-06-13 23:06 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 21:36 . 2010-06-13 23:06 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 21:36 . 2010-06-13 23:06 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 21:36 . 2010-06-13 23:06 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 21:36 . 2010-06-13 23:06 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 03:03 . 2011-10-13 17:38 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-13 12:08 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 12:08 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 12:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 12:08 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 12:08 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 12:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-01 02:08 . 2011-09-01 02:08 167704 ----a-w- c:\windows\system32\igfxtray.exe
2011-09-01 02:08 . 2011-09-01 02:08 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-09-01 02:08 . 2011-09-01 02:08 416024 ----a-w- c:\windows\system32\igfxpers.exe
2011-09-01 02:08 . 2011-09-01 02:08 239896 ----a-w- c:\windows\system32\igfxext.exe
2011-09-01 02:08 . 2011-09-01 02:08 392472 ----a-w- c:\windows\system32\hkcmd.exe
2011-09-01 02:08 . 2011-09-01 02:08 4378392 ----a-w- c:\windows\system32\GfxUI.exe
2011-09-01 02:08 . 2011-09-01 02:08 179992 ----a-w- c:\windows\system32\difx64.exe
2011-09-01 01:58 . 2011-09-01 01:58 90112 ----a-w- c:\windows\system32\igfxCoIn_v2509.dll
2011-09-01 01:53 . 2011-09-01 01:53 12306848 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2011-09-01 01:53 . 2010-11-12 19:53 8312320 ----a-w- c:\windows\system32\igdumd64.dll
2011-09-01 01:51 . 2011-09-01 01:51 867020 ----a-w- c:\windows\system32\igkrng575.bin
2011-09-01 01:51 . 2011-09-01 01:51 105608 ----a-w- c:\windows\system32\igfcg575m.bin
2011-09-01 01:47 . 2011-09-01 01:47 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-09-01 01:45 . 2011-09-01 01:45 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2011-09-01 01:42 . 2009-11-22 00:18 14598656 ----a-w- c:\windows\system32\igd10umd64.dll
2011-09-01 01:37 . 2011-09-01 01:37 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2011-09-01 01:31 . 2011-09-01 01:31 18641408 ----a-w- c:\windows\system32\ig4icd64.dll
2011-09-01 01:26 . 2011-09-01 01:26 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-09-01 01:22 . 2011-09-01 01:22 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-09-01 01:22 . 2011-09-01 01:22 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-09-01 01:22 . 2011-09-01 01:22 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2011-09-01 01:22 . 2011-09-01 01:22 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-09-01 01:22 . 2011-09-01 01:22 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-09-01 01:22 . 2011-09-01 01:22 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-09-01 01:22 . 2011-09-01 01:22 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-09-01 01:22 . 2011-09-01 01:22 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-09-01 01:22 . 2011-09-01 01:22 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-09-01 01:22 . 2011-09-01 01:22 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-09-01 01:22 . 2011-09-01 01:22 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2011-09-01 01:22 . 2011-09-01 01:22 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-09-01 01:22 . 2011-09-01 01:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-15_21.16.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-15 21:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-15 23:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-15 21:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-15 23:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-15 23:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-15 21:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-20 18:01 . 2011-11-15 23:11 41118 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-15 23:11 42484 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-15 21:16 42484 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-18 17:53 . 2011-11-15 23:11 8804 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3563102425-2883529743-1239242865-1003_UserData.bin
- 2011-11-15 21:14 . 2011-11-15 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-15 23:08 . 2011-11-15 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-15 21:14 . 2011-11-15 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-15 23:08 . 2011-11-15 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-11-15 18:42 633180 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 21:19 633180 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-15 18:42 110782 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-15 21:19 110782 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-05 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SODCPreLoad"="c:\program files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe" [2010-09-08 40960]
"Akamai NetSession Interface"="c:\users\Frankizzle\AppData\Local\Akamai\netsession_win.exe" [2011-11-12 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Frankizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-6-21 0]
Dropbox.lnk - c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [x]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 sprtlisten;SupportSoft Listener Service;c:\program files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-09-28 1148632]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 20:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 06:44]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 06:44]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563102425-2883529743-1239242865-1003Core.job
- c:\users\Frankizzle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-19 16:22]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563102425-2883529743-1239242865-1003UA.job
- c:\users\Frankizzle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-19 16:22]
.
2011-11-11 c:\windows\Tasks\HPCeeScheduleForFrankizzle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frankizzle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-20 172032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-09-28 2775728]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-09-28 3609776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Frankizzle\AppData\Roaming\Mozilla\Firefox\Profiles\gvcmbq4a.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Dawn of the Dragons Community Toolbar: {cac9d76b-2b7f-4f42-918f-3470a847f562} - %profile%\extensions\{cac9d76b-2b7f-4f42-918f-3470a847f562}
FF - Ext: Alii Motion Control API: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_dac4cfd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3563102425-2883529743-1239242865-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3563102425-2883529743-1239242865-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3563102425-2883529743-1239242865-1003\Software\SecuROM\License information*]
"datasecu"=hex:71,de,a0,09,6d,59,16,61,d8,2f,23,14,ef,f5,62,89,f6,64,80,a1,d0,
3a,2e,e7,8f,5d,91,29,77,04,60,35,4e,f0,c5,05,56,4e,0e,ae,c7,2b,84,e5,6c,8b,\
"rkeysecu"=hex:c3,cb,a9,60,bd,d0,07,3e,74,f0,16,08,73,1e,4a,6f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\02\1b\02?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\users\Frankizzle\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
**************************************************************************
.
Completion time: 2011-11-15 16:44:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 23:44
ComboFix2.txt 2011-11-15 21:51
.
Pre-Run: 169,372,778,496 bytes free
Post-Run: 169,176,264,704 bytes free
.
- - End Of File - - AF4D67FCC33D25BF124452C63DDD5AB9
  • 0

#10
Dakeyras
Posted 15 December 2011 - 11:24 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I am beginning to suspect your machine may be infected with a nasty Root-Kit variant and some indication of such by what you have described so far and from the logs I have requested. Unfortunately is is not that easy to either fully detect and or eradicate but I will try my best on your behalf.

However please be aware the only recourse may be a reformat and reinstallation of the Windows Operating System.

Anyway I would like to review the OTL Extras log, it should be on the desktop. In the meantime please carry out the below...

Scan with MBRCheck:

Please download MBRCheck.exe and save to your desktop.

Alternative Download is here.

Right-click on MBRCheck.exe and select Run as Administrator.

A window similar to this should open on your desktop:

If you are prompted with options, enter N at the prompt and press Enter

Press Enter again

A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)

Please post the contents of the log in your next reply.

Next:

Please download this application to the Desktop, then extract the zip file to the Desktop.

Navigate to with in the folder on the Desktop named Preformat, then double-click on Preformat.vbs and follow the prompts.

There should now be a text file named Preformat within the folder.

Please post the contents of the aforementioned text file in your next reply.

Next:

So what I need in your next reply are the following logs and we will go from there, thank you.

  • The OTL Extras Log.
  • MBRCheck Log.
  • Preformat Log.

  • 0

Advertisements

#11
Grundy125
Posted 15 December 2011 - 05:59 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL Extras logfile created on: 12/14/2011 5:25:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Frankizzle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.51% Memory free
7.60 Gb Paging File | 5.15 Gb Available in Paging File | 67.71% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.90 Gb Total Space | 161.35 Gb Free Space | 35.63% Space Free | Partition Type: NTFS
Drive D: | 12.56 Gb Total Space | 2.09 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 94.93 Mb Free Space | 95.87% Space Free | Partition Type: FAT32

Computer Name: SARMIS-PC | User Name: Frankizzle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3563102425-2883529743-1239242865-1003\SOFTWARE\Classes\<extension>]
.exe [@ = 1I8] -- "C:\Users\Frankizzle\AppData\Local\faf.exe" -a "%1" %*
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{077AA014-B568-4FF8-B360-9ACE1A1F4571}" = CLEAR Connection Manager
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{20c31435-2a0a-4580-be8b-ac06fc243ca5}" = Python 2.7 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E35E58F-1A8E-49F0-8D31-410FDFA2C2A4}" = World Of Warcraft Front End
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6a3b6195-f7c7-453f-9387-450cfd91e3b5}" = IBM Lotus Symphony
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A65475-2F7F-491C-BF2F-8D5C0AF0775C}" = DUNGEONS
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = CenturyLink Installer
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB33664C-5683-40AB-B968-01276F6F3446}" = ebgcRes
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chuzzle Deluxe_is1" = Chuzzle Deluxe
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"DVDFab 8_is1" = DVDFab 8.0.8.3 (17/03/2011)
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"EADM" = EA Download Manager
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FreeArc" = FreeArc 0.666
"GiftBox+" = GiftBox+
"HandBrake" = HandBrake 0.9.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Loki ActiveX Control" = Loki ActiveX Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mumble" = Mumble and Murmur
"OpenAL" = OpenAL
"Steam App 34270" = SEGA Genesis & Mega Drive Classics
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"VLC media player" = VLC media player 1.1.10
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3563102425-2883529743-1239242865-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"1b3fd9835e4d92e9" = Eternal-WoW! Launcher
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/30/2011 7:19:07 PM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 7:19:07 PM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 7:19:07 PM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 7:19:07 PM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 7:19:07 PM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 7:19:08 PM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/30/2011 7:19:08 PM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/1/2011 3:24:13 AM | Computer Name = Sarmis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2011 3:24:14 AM | Computer Name = Sarmis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 12/1/2011 3:24:14 AM | Computer Name = Sarmis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

[ Hewlett-Packard Events ]
Error - 12/9/2011 2:07:52 PM | Computer Name = Sarmis-PC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 30 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 12/9/2011 2:08:00 PM | Computer Name = Sarmis-PC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259HPSFMsgr.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 30 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 12/9/2011 5:12:06 PM | Computer Name = Sarmis-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTuneupReady() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTuneupReady() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 60 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 12/13/2011 12:16:48 AM | Computer Name = Sarmis-PC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 30 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 12/13/2011 12:16:49 AM | Computer Name = Sarmis-PC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259HPSFMsgr.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Application not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Source: System

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 30 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 12/14/2011 12:12:46 PM | Computer Name = Sarmis-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 40 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 12/14/2011 12:13:36 PM | Computer Name = Sarmis-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 40 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 12/14/2011 12:14:26 PM | Computer Name = Sarmis-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 40 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 12/14/2011 12:14:32 PM | Computer Name = Sarmis-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Message: Application
not found StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 40 TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 12/14/2011 12:14:36 PM | Computer Name = Sarmis-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147024891 at System.IO.__Error.WinIOError(Int32 errorCode,
String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) at HP.SupportAssistant.Service.ServiceInterface.MoveActionItems(String
sourcePath) Message: Access to the path 'C:\ProgramData\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSAActionItems.xml' is denied. StackTrace:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String
sourceFileName, String destFileName, Boolean overwrite) at HP.SupportAssistant.Service.ServiceInterface.MoveActionItems(String
sourcePath) Source: mscorlib Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: en-US RAM:
3893 Ram Utilization: 40 TargetSite: Void WinIOError(Int32, System.String)

[ Media Center Events ]
Error - 3/3/2011 9:52:28 AM | Computer Name = Sarmis-PC | Source = MCUpdate | ID = 0
Description = 6:52:28 AM - Error connecting to the internet. 6:52:28 AM - Unable
to contact server..

Error - 3/3/2011 9:55:34 AM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =

Error - 3/3/2011 9:56:54 AM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539
Description =

Error - 3/6/2011 1:34:29 PM | Computer Name = Sarmis-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539
Description =

Error - 3/8/2011 8:21:22 PM | Computer Name = Sarmis-PC | Source = MCUpdate | ID = 0
Description = 5:21:16 PM - Failed to retrieve Broadband (Error: The operation has
timed out)

[ System Events ]
Error - 7/3/2011 10:23:53 PM | Computer Name = Sarmis-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Software Framework Service service to connect.

Error - 7/3/2011 10:23:53 PM | Computer Name = Sarmis-PC | Source = Service Control Manager | ID = 7000
Description = The HP Software Framework Service service failed to start due to the
following error: %%1053

Error - 7/6/2011 11:02:12 PM | Computer Name = Sarmis-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:18:13 PM on ?7/?6/?2011 was unexpected.

Error - 7/6/2011 11:04:29 PM | Computer Name = Sarmis-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Software Framework Service service to connect.

Error - 7/6/2011 11:04:29 PM | Computer Name = Sarmis-PC | Source = Service Control Manager | ID = 7000
Description = The HP Software Framework Service service failed to start due to the
following error: %%1053

Error - 7/6/2011 11:04:29 PM | Computer Name = Sarmis-PC | Source = DCOM | ID = 10005
Description =

Error - 7/12/2011 2:31:14 PM | Computer Name = Sarmis-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:06:27 PM on ?7/?12/?2011 was unexpected.

Error - 7/18/2011 10:01:01 PM | Computer Name = Sarmis-PC | Source = DCOM | ID = 10010
Description =

Error - 7/18/2011 10:02:38 PM | Computer Name = Sarmis-PC | Source = RTL8167 | ID = 5008
Description = Realtek PCIe FE Family Controller : Has encountered an invalid network
address.

Error - 8/4/2011 11:27:43 PM | Computer Name = Sarmis-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:09:07 PM on ?8/?4/?2011 was unexpected.


< End of report >
  • 0

#12
Grundy125
Posted 15 December 2011 - 06:00 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G62 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 197):
0x03051000 \SystemRoot\system32\ntoskrnl.exe
0x03008000 \SystemRoot\system32\hal.dll
0x00BCD000 \SystemRoot\system32\kdcom.dll
0x00C20000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C6F000 \SystemRoot\system32\PSHED.dll
0x00C83000 \SystemRoot\system32\CLFS.SYS
0x00CE1000 \SystemRoot\system32\CI.dll
0x00E27000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDA000 \SystemRoot\system32\drivers\ACPI.sys
0x00F31000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F3A000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F44000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F51000 \SystemRoot\system32\drivers\pci.sys
0x00F84000 \SystemRoot\system32\drivers\isapnp.sys
0x00F8D000 \SystemRoot\system32\drivers\mpio.sys
0x00FB7000 \SystemRoot\System32\drivers\partmgr.sys
0x00FCC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FD5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FE1000 \SystemRoot\system32\drivers\volmgr.sys
0x00DA1000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF6000 \SystemRoot\system32\drivers\intelide.sys
0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E10000 \SystemRoot\system32\drivers\aliide.sys
0x00E17000 \SystemRoot\system32\drivers\amdide.sys
0x00E1E000 \SystemRoot\system32\drivers\cmdide.sys
0x00C00000 \SystemRoot\System32\drivers\mountmgr.sys
0x010CD000 \SystemRoot\system32\drivers\msdsm.sys
0x010F3000 \SystemRoot\system32\drivers\nvraid.sys
0x0111B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x0114B000 \SystemRoot\system32\drivers\pciide.sys
0x01152000 \SystemRoot\system32\drivers\viaide.sys
0x01219000 \SystemRoot\system32\drivers\iaStorV.sys
0x01421000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0153D000 \SystemRoot\system32\drivers\atapi.sys
0x01546000 \SystemRoot\system32\drivers\ataport.SYS
0x01570000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x0158D000 \SystemRoot\system32\DRIVERS\storport.sys
0x015F0000 \SystemRoot\system32\drivers\msahci.sys
0x01400000 \SystemRoot\system32\drivers\HpSAMD.sys
0x01337000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x0115A000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x013B2000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x013E1000 \SystemRoot\system32\drivers\amdsata.sys
0x011B0000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x01200000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\DRIVERS\arc.sys
0x01019000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01034000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x010BB000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x0167F000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x0169E000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x016B1000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x016D0000 \SystemRoot\system32\DRIVERS\megasas.sys
0x016DC000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x01780000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x01790000 \SystemRoot\system32\drivers\nvstor.sys
0x01807000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x01600000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019AB000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x019B9000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x019D1000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x017BB000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01A70000 \SystemRoot\system32\drivers\fltmgr.sys
0x01ABC000 \SystemRoot\system32\drivers\fileinfo.sys
0x01C1D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01AD0000 \SystemRoot\System32\Drivers\msrpc.sys
0x01DC0000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01B2E000 \SystemRoot\System32\Drivers\cng.sys
0x01DDB000 \SystemRoot\System32\drivers\pcw.sys
0x01DEC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01EBA000 \SystemRoot\system32\drivers\ndis.sys
0x01E00000 \SystemRoot\system32\drivers\NETIO.SYS
0x01E60000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x020B4000 \SystemRoot\System32\drivers\tcpip.sys
0x022B8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x02302000 \SystemRoot\system32\DRIVERS\wd.sys
0x0230A000 \SystemRoot\system32\drivers\volsnap.sys
0x02356000 \SystemRoot\System32\Drivers\spldr.sys
0x0235E000 \SystemRoot\system32\drivers\sbp2port.sys
0x0237B000 \SystemRoot\System32\drivers\rdyboost.sys
0x023B5000 \SystemRoot\System32\Drivers\mup.sys
0x023C7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x02000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0203A000 \SystemRoot\system32\DRIVERS\disk.sys
0x045AD000 \SystemRoot\system32\drivers\cdrom.sys
0x04651000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x046E9000 \SystemRoot\System32\Drivers\Null.SYS
0x046F2000 \SystemRoot\System32\Drivers\Beep.SYS
0x046F9000 \SystemRoot\System32\drivers\vga.sys
0x04707000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0472C000 \SystemRoot\System32\drivers\watchdog.sys
0x0473C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04745000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0474E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04757000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04762000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04773000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04795000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x047A2000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03602000 \SystemRoot\system32\drivers\afd.sys
0x0368B000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03698000 \SystemRoot\System32\DRIVERS\netbt.sys
0x036DD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x036E6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0370C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03722000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0374E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03769000 \SystemRoot\system32\drivers\termdd.sys
0x0377D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x037CE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x037DA000 \SystemRoot\system32\drivers\mssmbios.sys
0x037E5000 \SystemRoot\System32\drivers\discache.sys
0x047B4000 \SystemRoot\System32\Drivers\dfsc.sys
0x03731000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04600000 \SystemRoot\System32\Drivers\aswSP.SYS
0x047D2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03742000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0602A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x052D5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05200000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05246000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x05257000 \SystemRoot\system32\drivers\usbehci.sys
0x05268000 \SystemRoot\system32\drivers\USBPORT.SYS
0x053C9000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05AF4000 \SystemRoot\system32\DRIVERS\athrx.sys
0x05D96000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05A00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05A85000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05AA3000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x05AAF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05DA3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05DF6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05ABE000 \SystemRoot\system32\drivers\mouclass.sys
0x05ACD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05ADA000 \SystemRoot\system32\drivers\wmiacpi.sys
0x052BE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05AE3000 \SystemRoot\system32\drivers\CompositeBus.sys
0x06BE7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x06000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x053ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0442F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0444A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x045D7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0205E000 \SystemRoot\System32\Drivers\pcouffin.sys
0x05DF8000 \SystemRoot\system32\drivers\swenum.sys
0x01FAD000 \SystemRoot\system32\drivers\ks.sys
0x0446B000 \SystemRoot\system32\drivers\umbus.sys
0x01BA0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02073000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x072C8000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07528000 \SystemRoot\system32\drivers\portcls.sys
0x07565000 \SystemRoot\system32\drivers\drmk.sys
0x07587000 \SystemRoot\system32\drivers\ksthunk.sys
0x0758D000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x07200000 \SystemRoot\System32\Drivers\fastfat.SYS
0x000B0000 \SystemRoot\System32\win32k.sys
0x07272000 \SystemRoot\System32\drivers\Dxapi.sys
0x0727E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0729B000 \SystemRoot\system32\drivers\hidusb.sys
0x072A9000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x075E0000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x0447D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x075E9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x044AB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02ABE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x02BDA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x02BED000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x007B0000 \SystemRoot\System32\cdd.dll
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x02A00000 \SystemRoot\system32\drivers\luafv.sys
0x02A23000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x02A5D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x02A66000 \SystemRoot\system32\DRIVERS\stflt.sys
0x02A92000 \SystemRoot\system32\drivers\WudfPf.sys
0x07236000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x044B9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0724B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0450C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0423A000 \SystemRoot\system32\drivers\HTTP.sys
0x04303000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04321000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04339000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04366000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x043B4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06EBF000 \SystemRoot\system32\drivers\peauth.sys
0x06F65000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06F70000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06FA1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06E00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07059000 \SystemRoot\System32\DRIVERS\srv.sys
0x070F1000 \SystemRoot\system32\drivers\spsys.sys
0x772E0000 \Windows\System32\ntdll.dll
0x48190000 \Windows\System32\smss.exe
0xFF600000 \Windows\System32\apisetschema.dll

Processes (total 94):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
548 csrss.exe
620 C:\Windows\System32\wininit.exe
640 csrss.exe
676 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
812 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
512 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\audiodg.exe
1056 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1352 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1360 C:\Windows\System32\wlanext.exe
1368 C:\Windows\System32\conhost.exe
1740 C:\Windows\System32\spoolsv.exe
1772 C:\Windows\System32\svchost.exe
1840 C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
2024 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
704 C:\Windows\SysWOW64\svchost.exe
1032 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1808 C:\Program Files\Bonjour\mDNSResponder.exe
1128 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
2092 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
2128 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2156 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2180 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2216 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2368 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2404 C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
2460 C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
2488 C:\Windows\System32\svchost.exe
2536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2684 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2996 C:\Windows\System32\dwm.exe
3016 C:\Windows\explorer.exe
2596 C:\Windows\System32\svchost.exe
3792 C:\Users\Frankizzle\AppData\Local\Apps\2.0\88ZD4ZGX.14N\L5PYR6MC.GLT\curs..tion_eee711038731a406_0004.0000_2ad57790d5451048\CurseClient.exe
3868 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
4004 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
4040 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2748 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
4116 C:\Program Files\Java\jre6\bin\jusched.exe
4128 C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
4204 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
4236 C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
4260 C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
4304 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
4372 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4396 C:\Users\Frankizzle\AppData\Local\Akamai\netsession_win.exe
4480 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4500 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
4796 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4804 C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe
4820 C:\Users\Frankizzle\AppData\Local\Akamai\netsession_win.exe
4848 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4968 C:\Program Files\iPod\bin\iPodService.exe
3628 C:\Users\Frankizzle\AppData\Local\ccw.exe
3984 C:\Windows\System32\SearchIndexer.exe
3728 C:\Program Files\Windows Media Player\wmpnetwk.exe
4068 C:\Windows\System32\svchost.exe
4124 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4300 WmiPrvSE.exe
3952 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4228 C:\Windows\System32\SearchProtocolHost.exe
2708 C:\Windows\System32\svchost.exe
5172 C:\Windows\splwow64.exe
5328 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
5464 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
6044 dllhost.exe
1436 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
5452 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
6136 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
5492 C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
4020 C:\Windows\System32\sppsvc.exe
5776 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
1480 C:\Windows\System32\taskeng.exe
3124 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
4360 C:\Windows\SysWOW64\rundll32.exe
5628 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
5288 C:\Windows\servicing\TrustedInstaller.exe
5636 C:\Windows\System32\SearchFilterHost.exe
3648 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
3620 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
4640 C:\Windows\System32\svchost.exe
3392 C:\Users\Frankizzle\Desktop\MBRCheck.exe
4232 C:\Windows\System32\WerFault.exe
5316 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`46500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK5056GSY, Rev: LH003C

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: A92173ED5E4128E8FEA366C92B495240418C9392


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#13
Grundy125
Posted 15 December 2011 - 06:03 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G62 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 197):
0x03051000 \SystemRoot\system32\ntoskrnl.exe
0x03008000 \SystemRoot\system32\hal.dll
0x00BCD000 \SystemRoot\system32\kdcom.dll
0x00C20000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C6F000 \SystemRoot\system32\PSHED.dll
0x00C83000 \SystemRoot\system32\CLFS.SYS
0x00CE1000 \SystemRoot\system32\CI.dll
0x00E27000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDA000 \SystemRoot\system32\drivers\ACPI.sys
0x00F31000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F3A000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F44000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F51000 \SystemRoot\system32\drivers\pci.sys
0x00F84000 \SystemRoot\system32\drivers\isapnp.sys
0x00F8D000 \SystemRoot\system32\drivers\mpio.sys
0x00FB7000 \SystemRoot\System32\drivers\partmgr.sys
0x00FCC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FD5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FE1000 \SystemRoot\system32\drivers\volmgr.sys
0x00DA1000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF6000 \SystemRoot\system32\drivers\intelide.sys
0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E10000 \SystemRoot\system32\drivers\aliide.sys
0x00E17000 \SystemRoot\system32\drivers\amdide.sys
0x00E1E000 \SystemRoot\system32\drivers\cmdide.sys
0x00C00000 \SystemRoot\System32\drivers\mountmgr.sys
0x010CD000 \SystemRoot\system32\drivers\msdsm.sys
0x010F3000 \SystemRoot\system32\drivers\nvraid.sys
0x0111B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x0114B000 \SystemRoot\system32\drivers\pciide.sys
0x01152000 \SystemRoot\system32\drivers\viaide.sys
0x01219000 \SystemRoot\system32\drivers\iaStorV.sys
0x01421000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0153D000 \SystemRoot\system32\drivers\atapi.sys
0x01546000 \SystemRoot\system32\drivers\ataport.SYS
0x01570000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x0158D000 \SystemRoot\system32\DRIVERS\storport.sys
0x015F0000 \SystemRoot\system32\drivers\msahci.sys
0x01400000 \SystemRoot\system32\drivers\HpSAMD.sys
0x01337000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x0115A000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x013B2000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x013E1000 \SystemRoot\system32\drivers\amdsata.sys
0x011B0000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x01200000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\DRIVERS\arc.sys
0x01019000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01034000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x010BB000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x0167F000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x0169E000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x016B1000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x016D0000 \SystemRoot\system32\DRIVERS\megasas.sys
0x016DC000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x01780000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x01790000 \SystemRoot\system32\drivers\nvstor.sys
0x01807000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x01600000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019AB000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x019B9000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x019D1000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x017BB000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01A70000 \SystemRoot\system32\drivers\fltmgr.sys
0x01ABC000 \SystemRoot\system32\drivers\fileinfo.sys
0x01C1D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01AD0000 \SystemRoot\System32\Drivers\msrpc.sys
0x01DC0000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01B2E000 \SystemRoot\System32\Drivers\cng.sys
0x01DDB000 \SystemRoot\System32\drivers\pcw.sys
0x01DEC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01EBA000 \SystemRoot\system32\drivers\ndis.sys
0x01E00000 \SystemRoot\system32\drivers\NETIO.SYS
0x01E60000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x020B4000 \SystemRoot\System32\drivers\tcpip.sys
0x022B8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x02302000 \SystemRoot\system32\DRIVERS\wd.sys
0x0230A000 \SystemRoot\system32\drivers\volsnap.sys
0x02356000 \SystemRoot\System32\Drivers\spldr.sys
0x0235E000 \SystemRoot\system32\drivers\sbp2port.sys
0x0237B000 \SystemRoot\System32\drivers\rdyboost.sys
0x023B5000 \SystemRoot\System32\Drivers\mup.sys
0x023C7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x02000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0203A000 \SystemRoot\system32\DRIVERS\disk.sys
0x045AD000 \SystemRoot\system32\drivers\cdrom.sys
0x04651000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x046E9000 \SystemRoot\System32\Drivers\Null.SYS
0x046F2000 \SystemRoot\System32\Drivers\Beep.SYS
0x046F9000 \SystemRoot\System32\drivers\vga.sys
0x04707000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0472C000 \SystemRoot\System32\drivers\watchdog.sys
0x0473C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04745000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0474E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04757000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04762000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04773000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04795000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x047A2000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03602000 \SystemRoot\system32\drivers\afd.sys
0x0368B000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03698000 \SystemRoot\System32\DRIVERS\netbt.sys
0x036DD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x036E6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0370C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03722000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0374E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03769000 \SystemRoot\system32\drivers\termdd.sys
0x0377D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x037CE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x037DA000 \SystemRoot\system32\drivers\mssmbios.sys
0x037E5000 \SystemRoot\System32\drivers\discache.sys
0x047B4000 \SystemRoot\System32\Drivers\dfsc.sys
0x03731000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04600000 \SystemRoot\System32\Drivers\aswSP.SYS
0x047D2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03742000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0602A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x052D5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05200000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05246000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x05257000 \SystemRoot\system32\drivers\usbehci.sys
0x05268000 \SystemRoot\system32\drivers\USBPORT.SYS
0x053C9000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05AF4000 \SystemRoot\system32\DRIVERS\athrx.sys
0x05D96000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05A00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05A85000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05AA3000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x05AAF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05DA3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05DF6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05ABE000 \SystemRoot\system32\drivers\mouclass.sys
0x05ACD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05ADA000 \SystemRoot\system32\drivers\wmiacpi.sys
0x052BE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05AE3000 \SystemRoot\system32\drivers\CompositeBus.sys
0x06BE7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x06000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x053ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0442F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0444A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x045D7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0205E000 \SystemRoot\System32\Drivers\pcouffin.sys
0x05DF8000 \SystemRoot\system32\drivers\swenum.sys
0x01FAD000 \SystemRoot\system32\drivers\ks.sys
0x0446B000 \SystemRoot\system32\drivers\umbus.sys
0x01BA0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02073000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x072C8000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07528000 \SystemRoot\system32\drivers\portcls.sys
0x07565000 \SystemRoot\system32\drivers\drmk.sys
0x07587000 \SystemRoot\system32\drivers\ksthunk.sys
0x0758D000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x07200000 \SystemRoot\System32\Drivers\fastfat.SYS
0x000B0000 \SystemRoot\System32\win32k.sys
0x07272000 \SystemRoot\System32\drivers\Dxapi.sys
0x0727E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0729B000 \SystemRoot\system32\drivers\hidusb.sys
0x072A9000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x075E0000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x0447D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x075E9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x044AB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02ABE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x02BDA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x02BED000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x007B0000 \SystemRoot\System32\cdd.dll
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x02A00000 \SystemRoot\system32\drivers\luafv.sys
0x02A23000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x02A5D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x02A66000 \SystemRoot\system32\DRIVERS\stflt.sys
0x02A92000 \SystemRoot\system32\drivers\WudfPf.sys
0x07236000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x044B9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0724B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0450C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0423A000 \SystemRoot\system32\drivers\HTTP.sys
0x04303000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04321000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04339000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04366000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x043B4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06EBF000 \SystemRoot\system32\drivers\peauth.sys
0x06F65000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06F70000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06FA1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06E00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07059000 \SystemRoot\System32\DRIVERS\srv.sys
0x070F1000 \SystemRoot\system32\drivers\spsys.sys
0x772E0000 \Windows\System32\ntdll.dll
0x48190000 \Windows\System32\smss.exe
0xFF600000 \Windows\System32\apisetschema.dll

Processes (total 94):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
548 csrss.exe
620 C:\Windows\System32\wininit.exe
640 csrss.exe
676 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
812 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
512 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\audiodg.exe
1056 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1352 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1360 C:\Windows\System32\wlanext.exe
1368 C:\Windows\System32\conhost.exe
1740 C:\Windows\System32\spoolsv.exe
1772 C:\Windows\System32\svchost.exe
1840 C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
2024 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
704 C:\Windows\SysWOW64\svchost.exe
1032 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1808 C:\Program Files\Bonjour\mDNSResponder.exe
1128 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
2092 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
2128 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2156 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2180 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2216 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2368 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2404 C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
2460 C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
2488 C:\Windows\System32\svchost.exe
2536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2684 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2996 C:\Windows\System32\dwm.exe
3016 C:\Windows\explorer.exe
2596 C:\Windows\System32\svchost.exe
3792 C:\Users\Frankizzle\AppData\Local\Apps\2.0\88ZD4ZGX.14N\L5PYR6MC.GLT\curs..tion_eee711038731a406_0004.0000_2ad57790d5451048\CurseClient.exe
3868 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
4004 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
4040 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2748 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
4116 C:\Program Files\Java\jre6\bin\jusched.exe
4128 C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
4204 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
4236 C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
4260 C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
4304 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
4372 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4396 C:\Users\Frankizzle\AppData\Local\Akamai\netsession_win.exe
4480 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4500 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
4796 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4804 C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe
4820 C:\Users\Frankizzle\AppData\Local\Akamai\netsession_win.exe
4848 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4968 C:\Program Files\iPod\bin\iPodService.exe
3628 C:\Users\Frankizzle\AppData\Local\ccw.exe
3984 C:\Windows\System32\SearchIndexer.exe
3728 C:\Program Files\Windows Media Player\wmpnetwk.exe
4068 C:\Windows\System32\svchost.exe
4124 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4300 WmiPrvSE.exe
3952 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4228 C:\Windows\System32\SearchProtocolHost.exe
2708 C:\Windows\System32\svchost.exe
5172 C:\Windows\splwow64.exe
5328 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
5464 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
6044 dllhost.exe
1436 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
5452 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
6136 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
5492 C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
4020 C:\Windows\System32\sppsvc.exe
5776 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
1480 C:\Windows\System32\taskeng.exe
3124 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
4360 C:\Windows\SysWOW64\rundll32.exe
5628 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
5288 C:\Windows\servicing\TrustedInstaller.exe
5636 C:\Windows\System32\SearchFilterHost.exe
3648 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
3620 C:\Users\Frankizzle\AppData\Local\Google\Chrome\Application\chrome.exe
4640 C:\Windows\System32\svchost.exe
3392 C:\Users\Frankizzle\Desktop\MBRCheck.exe
4232 C:\Windows\System32\WerFault.exe
5316 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`46500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK5056GSY, Rev: LH003C

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: A92173ED5E4128E8FEA366C92B495240418C9392


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#14
Grundy125
Posted 15 December 2011 - 06:03 PM

Grundy125

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Partition ID: Disk #0, Partition #0
Size: 199 MB

The computer boots from this partition.

~~~~~~~~~~~~~~~~~~~~~~~~

Partition ID: Disk #0, Partition #1
Size: 452.9 GB

~~~~~~~~~~~~~~~~~~~~~~~~

Partition ID: Disk #0, Partition #2
Size: 12.56 GB

~~~~~~~~~~~~~~~~~~~~~~~~

Partition ID: Disk #0, Partition #3
Size: 103.02 MB

~~~~~~~~~~~~~~~~~~~~~~~~

BIOS Manufacturer: Hewlett-Packard
Name: Default System BIOS
Status: OK

This is the primary BIOS.

~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#15
Dakeyras
Posted 17 December 2011 - 09:58 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

My apologies for the delay, I have been experiencing ISP problems...

Now it appears you machine is infected with a what is known as a TDL4 Rootkit, that also creates hidden partition on the hard-drive that the infection uses as a launch vector amongst other things etc.

This particular infection is not easy to eradicate and because your machine has what is known as a recovery partition if I attempt to remove the infection it will render the aforementioned recovery partition useless. Which basically means you would never be able to set your machine back as was when first purchased which is defacto a reformat and reinstallation of the Windows Operating System.

So my best advise would be to invoke the Recovery Partition, how to do so can be read on this page.

Next:

I am sorry I do not have better news for you at this time and if you have any questions do not hesitate to ask.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP