Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win 7 Antivirus 2012 Removal?!?! PEASES HELP! [Solved]


  • This topic is locked This topic is locked

#1
waipahe

waipahe

    New Member

  • Member
  • Pip
  • 9 posts
Hello Everyone. I picked up this virus a couple days ago and tried to get rid of it myself (STOPzilla, Malwarebytes....) and all seems good for awhile......then BOOM! It's back! Needless to say I need your HELP! I work from home (Graphics) and my comp is my life. Right now I am at a stand still as far as work goes because my internet keeps getting shut down! I'll be reading something and it will just shut down! Or a "Win 7 Antivirus 2012" window will pop up and start installing! I have tried to remove it with what I had....but it still comes back!!!! Very frustrating to say the least! My business is suffering and I'm at my wits end with this thing! Can somebody PLEASSSSSE HELP me?!?!


Here is what OTL scanned from my comp last night:

OTL logfile created on: 12/14/2011 10:48:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\waipahe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.92 Gb Available Physical Memory | 74.13% Memory free
15.98 Gb Paging File | 13.61 Gb Available in Paging File | 85.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.92 Gb Total Space | 1211.54 Gb Free Space | 87.54% Space Free | Partition Type: NTFS
Drive D: | 12.97 Gb Total Space | 1.59 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 24.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 930.86 Gb Total Space | 860.30 Gb Free Space | 92.42% Space Free | Partition Type: NTFS

Computer Name: WAIPAHE-HP | User Name: waipahe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 22:48:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\waipahe\Downloads\OTL.exe
PRC - [2011/11/25 09:15:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/24 12:50:26 | 002,102,680 | ---- | M] () -- C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe
PRC - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/10 23:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2010/05/06 10:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 10:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/06 10:59:25 | 000,119,200 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/20 08:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/25 09:15:04 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 08:33:09 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/07/08 11:24:42 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/07 17:17:35 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/23 07:21:52 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/21 09:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/10/21 09:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/08/05 17:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/06 10:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/05/06 10:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/05/06 10:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/06 10:59:25 | 000,119,200 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/12/07 17:12:26 | 000,068,648 | R--- | M] (iS3, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/24 12:50:26 | 002,102,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe -- (RipCore)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/10 23:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/16 17:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 17:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/23 07:53:44 | 007,886,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/23 06:46:42 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 03:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/20 07:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/24 05:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/02 20:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/07/21 17:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/06 10:41:36 | 000,124,496 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2010/05/06 10:41:23 | 000,424,016 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2010/05/06 10:40:55 | 000,250,448 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2010/05/06 10:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/05/06 10:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/05/06 10:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/05/06 10:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/06 10:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/03/19 10:10:13 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2010/03/10 05:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/03 11:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/12/21 23:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/08/09 11:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 14:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2011/09/26 11:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/09/26 11:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2011/03/29 23:03:10 | 000,092,536 | ---- | M] (WinMount International Inc) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\WMDrive.sys -- (WMDrive)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15007
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\waipahe\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/08/27 11:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/08/27 11:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/27 11:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/25 09:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/25 11:55:20 | 000,000,000 | ---D | M]

[2011/03/28 13:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waipahe\AppData\Roaming\Mozilla\Extensions
[2011/12/13 09:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\extensions
[2011/12/13 09:37:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/08 21:32:39 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\extensions\[email protected]
[2011/06/18 16:50:56 | 000,002,568 | ---- | M] () -- C:\Users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\searchplugins\askcom.xml
[2011/11/25 09:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/25 09:15:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 10:36:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/25 09:15:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\waipahe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2011/12/13 16:11:44 | 000,000,036 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DIMDownloading your update...1300677038363] c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Draw\DIM.exe (Corel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B163B5-6E45-469E-9D28-5B4BA5A175F4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 10:00:27 | 000,000,088 | ---- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{72f070a5-e3ac-11e0-9470-643150227d20}\Shell - "" = AutoRun
O33 - MountPoints2\{72f070a5-e3ac-11e0-9470-643150227d20}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- [2010/01/21 14:13:40 | 003,330,848 | ---- | M] (Western Digital)
O33 - MountPoints2\{78658d9e-8c78-11e0-a158-643150227d20}\Shell - "" = AutoRun
O33 - MountPoints2\{78658d9e-8c78-11e0-a158-643150227d20}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 15:55:01 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\waipahe\Desktop\mbam-setup.exe
[2011/12/13 22:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2011/12/13 22:02:45 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/13 22:02:44 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/13 22:02:42 | 000,424,016 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/13 22:02:40 | 000,124,496 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2011/12/13 22:00:54 | 000,250,448 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2011/12/13 22:00:46 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/13 22:00:35 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/13 22:00:21 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/13 21:59:29 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2011/12/13 21:59:25 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/13 16:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/12/13 16:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/12/13 16:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/12/13 16:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/12/13 15:45:59 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/13 08:35:14 | 000,000,000 | ---D | C] -- C:\Users\waipahe\AppData\Local\HuluDesktop
[2011/12/07 17:12:22 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/12/07 17:12:22 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/12/07 17:12:22 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/12/07 17:12:22 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/12/07 17:12:22 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/12/07 17:12:22 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/12/07 17:12:22 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/12/07 17:12:20 | 000,740,392 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/12/07 17:12:20 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/12/07 17:12:20 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/12/07 17:12:20 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/12/07 17:12:20 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/11/21 10:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Separation Studio
[2011/11/19 22:14:58 | 000,000,000 | ---D | C] -- C:\Users\waipahe\Desktop\CMYKProfiles
[2011/03/31 01:43:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\waipahe\AppData\Roaming\pcouffin.sys
[12 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 17:06:46 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/14 17:06:46 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/14 17:06:46 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/14 17:04:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 17:04:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 16:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/14 16:56:48 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/14 15:57:12 | 000,001,139 | ---- | M] () -- C:\Users\waipahe\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/14 15:55:50 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\waipahe\Desktop\mbam-setup.exe
[2011/12/14 15:40:10 | 000,011,896 | -HS- | M] () -- C:\Users\waipahe\AppData\Local\a6dd58p3yb2qyt
[2011/12/14 15:40:10 | 000,011,896 | -HS- | M] () -- C:\ProgramData\a6dd58p3yb2qyt
[2011/12/14 15:39:16 | 004,974,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/13 22:02:47 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/12/13 22:00:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/13 16:12:04 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/12/13 16:11:44 | 000,000,036 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/13 15:50:00 | 000,010,106 | -HS- | M] () -- C:\Users\waipahe\AppData\Local\b7ck80m8ec8vkd
[2011/12/13 15:50:00 | 000,010,106 | -HS- | M] () -- C:\ProgramData\b7ck80m8ec8vkd
[2011/12/13 09:12:28 | 000,009,360 | -HS- | M] () -- C:\Users\waipahe\AppData\Local\222620n4p360q763c457a6gir7g0
[2011/12/13 09:12:28 | 000,009,360 | -HS- | M] () -- C:\ProgramData\222620n4p360q763c457a6gir7g0
[2011/12/12 07:14:27 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForwaipahe.job
[2011/12/07 17:12:22 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/12/07 17:12:22 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/12/07 17:12:22 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/12/07 17:12:22 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/12/07 17:12:22 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/12/07 17:12:22 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/12/07 17:12:22 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/12/07 17:12:20 | 000,740,392 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/12/07 17:12:20 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/12/07 17:12:20 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/12/07 17:12:20 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/12/07 17:12:20 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/12/02 17:54:08 | 006,950,792 | ---- | M] () -- C:\Windows\SysWow64\postscript.ps
[2011/12/02 10:48:08 | 000,318,687 | R--- | M] () -- C:\Users\Public\Documents\2012ApparelBagsandCapsPriceChanges.pdf
[2011/11/26 13:08:08 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWAIPAHE-HP$.job
[2011/11/21 10:28:33 | 000,001,370 | ---- | M] () -- C:\Users\Public\Desktop\Separation Studio User Guide.lnk
[2011/11/21 10:28:33 | 000,001,310 | ---- | M] () -- C:\Users\Public\Desktop\Separation Studio.lnk
[2011/11/19 22:07:07 | 000,002,880 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/17 10:02:00 | 000,001,057 | ---- | M] () -- C:\Users\waipahe\AppData\Roaming\vso_ts_preview.xml
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 15:16:10 | 000,011,896 | -HS- | C] () -- C:\Users\waipahe\AppData\Local\a6dd58p3yb2qyt
[2011/12/14 15:16:10 | 000,011,896 | -HS- | C] () -- C:\ProgramData\a6dd58p3yb2qyt
[2011/12/13 22:02:47 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/12/13 16:12:03 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/12/13 15:45:44 | 000,010,106 | -HS- | C] () -- C:\Users\waipahe\AppData\Local\b7ck80m8ec8vkd
[2011/12/13 15:45:44 | 000,010,106 | -HS- | C] () -- C:\ProgramData\b7ck80m8ec8vkd
[2011/12/13 08:26:19 | 000,009,360 | -HS- | C] () -- C:\Users\waipahe\AppData\Local\222620n4p360q763c457a6gir7g0
[2011/12/13 08:26:19 | 000,009,360 | -HS- | C] () -- C:\ProgramData\222620n4p360q763c457a6gir7g0
[2011/12/02 10:48:14 | 000,318,687 | R--- | C] () -- C:\Users\Public\Documents\2012ApparelBagsandCapsPriceChanges.pdf
[2011/11/21 10:28:33 | 000,001,370 | ---- | C] () -- C:\Users\Public\Desktop\Separation Studio User Guide.lnk
[2011/11/21 10:28:33 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Separation Studio.lnk
[2011/11/20 14:08:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForwaipahe.job
[2011/10/07 15:12:18 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/09/30 09:45:05 | 000,000,087 | ---- | C] () -- C:\Windows\EPART835.ini
[2011/08/27 13:12:57 | 000,061,440 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\chrtmp
[2011/08/07 16:07:06 | 000,001,854 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\GhostObjGAFix.xml
[2011/07/28 08:52:58 | 000,000,091 | ---- | C] () -- C:\Windows\fnerr.dat
[2011/07/14 07:31:32 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/13 18:15:32 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\embriodery.dll
[2011/07/13 18:15:29 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\xTrace12.dll
[2011/07/13 18:15:23 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\xTrace.dll
[2011/07/13 18:15:23 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\xFilePatcher.dll
[2011/07/13 18:15:17 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\xDRAWings.dll
[2011/05/31 22:42:53 | 000,002,880 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/31 22:42:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E1471B16E4.sys
[2011/05/23 01:13:54 | 000,007,607 | ---- | C] () -- C:\Users\waipahe\AppData\Local\Resmon.ResmonCfg
[2011/04/22 12:19:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/07 17:17:46 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/07 17:13:13 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/31 01:43:09 | 000,099,384 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\inst.exe
[2011/03/31 01:43:09 | 000,007,859 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\pcouffin.cat
[2011/03/31 01:43:09 | 000,001,167 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\pcouffin.inf
[2011/03/31 01:28:09 | 000,001,057 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\vso_ts_preview.xml
[2011/03/28 15:44:37 | 000,003,712 | ---- | C] () -- C:\ProgramData\content.ie5
[2011/03/28 15:19:12 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/28 15:19:12 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/28 15:19:12 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/28 15:19:12 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/28 15:19:12 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/28 15:19:12 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/28 15:19:12 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/28 15:19:12 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/28 15:19:12 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/28 15:19:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/28 15:19:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/28 15:19:12 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/28 15:19:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/28 15:19:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/28 15:19:12 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/28 15:19:12 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/28 15:17:56 | 000,000,080 | ---- | C] () -- C:\Windows\EPWF1100.ini
[2011/01/07 23:09:45 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/07 22:34:11 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/01/07 22:12:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 08:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/13 19:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 16:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 16:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 14:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 13:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 11:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 11:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/07/06 21:56:36 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\xStitch.dll
[2005/03/23 08:02:52 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\axpEffects.dll
[2005/03/20 17:09:56 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AxpImage.dll
[2005/02/05 00:38:20 | 000,536,576 | ---- | C] () -- C:\Windows\SysWow64\ciaSecurity.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/04/07 17:23:03 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Autodesk
[2011/10/03 11:24:02 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Epson
[2011/09/30 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Leadertech
[2011/03/28 11:19:03 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\PictureMover
[2011/05/10 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\SoftGrid Client
[2011/05/25 15:24:13 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/08 23:40:51 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Tific
[2011/04/20 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\TP
[2011/08/27 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Ulead Systems
[2011/12/14 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\uTorrent
[2011/11/17 10:02:01 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Vso
[2011/03/31 17:26:38 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\WildTangent
[2011/08/25 12:49:17 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\WinBatch
[2011/07/26 07:52:30 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Windows Live Writer
[2011/05/10 13:20:58 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\WinMount
[2009/07/13 19:08:49 | 000,027,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(125).TXT
[2011/09/21 09:27:08 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C1DF762D

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can recover the situation for you

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/12/14 15:40:10 | 000,011,896 | -HS- | M] () -- C:\Users\waipahe\AppData\Local\a6dd58p3yb2qyt
    [2011/12/14 15:40:10 | 000,011,896 | -HS- | M] () -- C:\ProgramData\a6dd58p3yb2qyt
    2011/12/13 15:50:00 | 000,010,106 | -HS- | M] () -- C:\Users\waipahe\AppData\Local\b7ck80m8ec8vkd
    [2011/12/13 15:50:00 | 000,010,106 | -HS- | M] () -- C:\ProgramData\b7ck80m8ec8vkd
    [2011/12/13 09:12:28 | 000,009,360 | -HS- | M] () -- C:\Users\waipahe\AppData\Local\222620n4p360q763c457a6gir7g0
    [2011/12/13 09:12:28 | 000,009,360 | -HS- | M] () -- C:\ProgramData\222620n4p360q763c457a6gir7g0
    [2011/12/14 15:16:10 | 000,011,896 | -HS- | C] () -- C:\Users\waipahe\AppData\Local\a6dd58p3yb2qyt
    [2011/12/14 15:16:10 | 000,011,896 | -HS- | C] () -- C:\ProgramData\a6dd58p3yb2qyt
    [2011/12/13 15:45:44 | 000,010,106 | -HS- | C] () -- C:\Users\waipahe\AppData\Local\b7ck80m8ec8vkd
    [2011/12/13 15:45:44 | 000,010,106 | -HS- | C] () -- C:\ProgramData\b7ck80m8ec8vkd
    [2011/12/13 08:26:19 | 000,009,360 | -HS- | C] () -- C:\Users\waipahe\AppData\Local\222620n4p360q763c457a6gir7g0
    [2011/12/13 08:26:19 | 000,009,360 | -HS- | C] () -- C:\ProgramData\222620n4p360q763c457a6gir7g0


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

FINALLY

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
  • 0

#3
waipahe

waipahe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I tried to run aswMBR.exe and towards the end of the scan, I get this: "avast! Antirootkit has stopped working." I have tried 3 times and it keeps saying the same thing. Please advise. Thanks you.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm I think I know what this may be but lets confirm it

Could you continue with the screenshot of disc management and then run this programme

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#5
waipahe

waipahe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Below are the reports requested and screen shot of disk mgmt.

OTL Report:
OTL logfile created on: 12/15/2011 10:46:51 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\waipahe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.16% Memory free
15.98 Gb Paging File | 13.96 Gb Available in Paging File | 87.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.92 Gb Total Space | 1211.35 Gb Free Space | 87.53% Space Free | Partition Type: NTFS
Drive D: | 12.97 Gb Total Space | 1.59 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 24.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 930.86 Gb Total Space | 860.30 Gb Free Space | 92.42% Space Free | Partition Type: NTFS

Computer Name: WAIPAHE-HP | User Name: waipahe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 22:48:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\waipahe\Downloads\OTL.exe
PRC - [2011/11/25 09:15:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/24 12:50:26 | 002,102,680 | ---- | M] () -- C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe
PRC - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/10 23:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2010/05/06 10:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 10:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/06 10:59:25 | 000,119,200 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/20 08:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/25 09:15:04 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 08:33:09 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/07/08 11:24:42 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/07 17:17:35 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/23 07:21:52 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/21 09:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/10/21 09:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/08/05 17:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/06 10:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/05/06 10:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/05/06 10:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/06 10:59:25 | 000,119,200 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/12/07 17:12:26 | 000,068,648 | R--- | M] (iS3, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/24 12:50:26 | 002,102,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe -- (RipCore)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/10 23:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/16 17:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 17:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/23 07:53:44 | 007,886,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/23 06:46:42 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 03:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/20 07:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/24 05:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/02 20:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/07/21 17:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/06 10:41:36 | 000,124,496 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2010/05/06 10:41:23 | 000,424,016 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2010/05/06 10:40:55 | 000,250,448 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2010/05/06 10:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/05/06 10:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/05/06 10:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/05/06 10:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/06 10:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/03/19 10:10:13 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2010/03/10 05:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/03 11:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/12/21 23:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/08/09 11:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 14:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2011/09/26 11:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/09/26 11:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2011/03/29 23:03:10 | 000,092,536 | ---- | M] (WinMount International Inc) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\WMDrive.sys -- (WMDrive)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15007
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\waipahe\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/08/27 11:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/08/27 11:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/27 11:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/25 09:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/25 11:55:20 | 000,000,000 | ---D | M]

[2011/03/28 13:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waipahe\AppData\Roaming\Mozilla\Extensions
[2011/12/13 09:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\extensions
[2011/12/13 09:37:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/08 21:32:39 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\extensions\[email protected]
[2011/06/18 16:50:56 | 000,002,568 | ---- | M] () -- C:\Users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\searchplugins\askcom.xml
[2011/11/25 09:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/25 09:15:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 10:36:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/25 09:15:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\waipahe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2011/12/15 10:41:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DIMDownloading your update...1300677038363] c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Draw\DIM.exe (Corel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B163B5-6E45-469E-9D28-5B4BA5A175F4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 10:00:27 | 000,000,088 | ---- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{72f070a5-e3ac-11e0-9470-643150227d20}\Shell - "" = AutoRun
O33 - MountPoints2\{72f070a5-e3ac-11e0-9470-643150227d20}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- [2010/01/21 14:13:40 | 003,330,848 | ---- | M] (Western Digital)
O33 - MountPoints2\{78658d9e-8c78-11e0-a158-643150227d20}\Shell - "" = AutoRun
O33 - MountPoints2\{78658d9e-8c78-11e0-a158-643150227d20}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 10:41:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/14 15:55:01 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\waipahe\Desktop\mbam-setup.exe
[2011/12/13 22:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2011/12/13 22:02:45 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/13 22:02:44 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/13 22:02:42 | 000,424,016 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/13 22:02:40 | 000,124,496 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2011/12/13 22:00:54 | 000,250,448 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2011/12/13 22:00:46 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/13 22:00:35 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/13 22:00:21 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/13 21:59:29 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2011/12/13 21:59:25 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/13 16:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/12/13 16:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/12/13 16:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/12/13 16:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/12/13 15:45:59 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/13 08:35:14 | 000,000,000 | ---D | C] -- C:\Users\waipahe\AppData\Local\HuluDesktop
[2011/12/07 17:12:22 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/12/07 17:12:22 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/12/07 17:12:22 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/12/07 17:12:22 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/12/07 17:12:22 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/12/07 17:12:22 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/12/07 17:12:22 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/12/07 17:12:20 | 000,740,392 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/12/07 17:12:20 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/12/07 17:12:20 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/12/07 17:12:20 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/12/07 17:12:20 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/11/21 10:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Separation Studio
[2011/11/19 22:14:58 | 000,000,000 | ---D | C] -- C:\Users\waipahe\Desktop\CMYKProfiles
[2011/03/31 01:43:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\waipahe\AppData\Roaming\pcouffin.sys
[12 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/15 10:44:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/15 10:43:53 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/15 10:41:14 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/12/15 09:44:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/15 09:44:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 17:06:46 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/14 17:06:46 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/14 17:06:46 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/14 15:57:12 | 000,001,139 | ---- | M] () -- C:\Users\waipahe\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/14 15:55:50 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\waipahe\Desktop\mbam-setup.exe
[2011/12/14 15:39:16 | 004,974,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/13 22:02:47 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/12/13 22:00:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/13 16:12:04 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/12/12 07:14:27 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForwaipahe.job
[2011/12/07 17:12:22 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/12/07 17:12:22 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/12/07 17:12:22 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/12/07 17:12:22 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/12/07 17:12:22 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/12/07 17:12:22 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/12/07 17:12:22 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/12/07 17:12:20 | 000,740,392 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/12/07 17:12:20 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/12/07 17:12:20 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/12/07 17:12:20 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/12/07 17:12:20 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/12/02 17:54:08 | 006,950,792 | ---- | M] () -- C:\Windows\SysWow64\postscript.ps
[2011/12/02 10:48:08 | 000,318,687 | R--- | M] () -- C:\Users\Public\Documents\2012ApparelBagsandCapsPriceChanges.pdf
[2011/11/26 13:08:08 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWAIPAHE-HP$.job
[2011/11/21 10:28:33 | 000,001,370 | ---- | M] () -- C:\Users\Public\Desktop\Separation Studio User Guide.lnk
[2011/11/21 10:28:33 | 000,001,310 | ---- | M] () -- C:\Users\Public\Desktop\Separation Studio.lnk
[2011/11/19 22:07:07 | 000,002,880 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/17 10:02:00 | 000,001,057 | ---- | M] () -- C:\Users\waipahe\AppData\Roaming\vso_ts_preview.xml

========== Files Created - No Company Name ==========

[2011/12/13 22:02:47 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/12/13 16:12:03 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/12/02 10:48:14 | 000,318,687 | R--- | C] () -- C:\Users\Public\Documents\2012ApparelBagsandCapsPriceChanges.pdf
[2011/11/21 10:28:33 | 000,001,370 | ---- | C] () -- C:\Users\Public\Desktop\Separation Studio User Guide.lnk
[2011/11/21 10:28:33 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Separation Studio.lnk
[2011/11/20 14:08:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForwaipahe.job
[2011/10/07 15:12:18 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/09/30 09:45:05 | 000,000,087 | ---- | C] () -- C:\Windows\EPART835.ini
[2011/08/27 13:12:57 | 000,061,440 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\chrtmp
[2011/08/07 16:07:06 | 000,001,854 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\GhostObjGAFix.xml
[2011/07/28 08:52:58 | 000,000,091 | ---- | C] () -- C:\Windows\fnerr.dat
[2011/07/14 07:31:32 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/13 18:15:32 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\embriodery.dll
[2011/07/13 18:15:29 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\xTrace12.dll
[2011/07/13 18:15:23 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\xTrace.dll
[2011/07/13 18:15:23 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\xFilePatcher.dll
[2011/07/13 18:15:17 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\xDRAWings.dll
[2011/05/31 22:42:53 | 000,002,880 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/31 22:42:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E1471B16E4.sys
[2011/05/23 01:13:54 | 000,007,607 | ---- | C] () -- C:\Users\waipahe\AppData\Local\Resmon.ResmonCfg
[2011/04/22 12:19:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/07 17:17:46 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/07 17:13:13 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/31 01:43:09 | 000,099,384 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\inst.exe
[2011/03/31 01:43:09 | 000,007,859 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\pcouffin.cat
[2011/03/31 01:43:09 | 000,001,167 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\pcouffin.inf
[2011/03/31 01:28:09 | 000,001,057 | ---- | C] () -- C:\Users\waipahe\AppData\Roaming\vso_ts_preview.xml
[2011/03/28 15:44:37 | 000,003,712 | ---- | C] () -- C:\ProgramData\content.ie5
[2011/03/28 15:19:12 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/28 15:19:12 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/28 15:19:12 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/28 15:19:12 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/28 15:19:12 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/28 15:19:12 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/28 15:19:12 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/28 15:19:12 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/28 15:19:12 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/28 15:19:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/28 15:19:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/28 15:19:12 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/28 15:19:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/28 15:19:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/28 15:19:12 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/28 15:19:12 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/28 15:17:56 | 000,000,080 | ---- | C] () -- C:\Windows\EPWF1100.ini
[2011/01/07 23:09:45 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/07 22:34:11 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/01/07 22:12:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 08:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/13 19:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 16:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 16:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 14:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 13:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 11:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 11:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/07/06 21:56:36 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\xStitch.dll
[2005/03/23 08:02:52 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\axpEffects.dll
[2005/03/20 17:09:56 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\AxpImage.dll
[2005/02/05 00:38:20 | 000,536,576 | ---- | C] () -- C:\Windows\SysWow64\ciaSecurity.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/04/07 17:23:03 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Autodesk
[2011/10/03 11:24:02 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Epson
[2011/09/30 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Leadertech
[2011/03/28 11:19:03 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\PictureMover
[2011/05/10 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\SoftGrid Client
[2011/05/25 15:24:13 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/08 23:40:51 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Tific
[2011/04/20 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\TP
[2011/08/27 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Ulead Systems
[2011/12/14 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\uTorrent
[2011/11/17 10:02:01 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Vso
[2011/03/31 17:26:38 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\WildTangent
[2011/08/25 12:49:17 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\WinBatch
[2011/07/26 07:52:30 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\Windows Live Writer
[2011/05/10 13:20:58 | 000,000,000 | ---D | M] -- C:\Users\waipahe\AppData\Roaming\WinMount
[2009/07/13 19:08:49 | 000,027,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(125).TXT
[2011/09/21 09:27:08 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C1DF762D

< End of report >

MBR CHECK:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: FOXCONN
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Hewlett-Packard
System Product Name: p6787c
Logical Drives Mask: 0x00001f9c

Kernel Drivers (total 170):
0x02C5A000 \SystemRoot\system32\ntoskrnl.exe
0x02C11000 \SystemRoot\system32\hal.dll
0x00B96000 \SystemRoot\system32\kdcom.dll
0x00CCD000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CDA000 \SystemRoot\system32\PSHED.dll
0x00CEE000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00D4C000 \SystemRoot\SySWOW64\DRIVERS\szkg64.sys
0x00EA8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F4C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F5B000 \SystemRoot\system32\drivers\ACPI.sys
0x00FB2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FBB000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FC5000 \SystemRoot\system32\drivers\pci.sys
0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
0x00E22000 \SystemRoot\system32\drivers\volmgr.sys
0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D78000 \SystemRoot\System32\drivers\mountmgr.sys
0x00D92000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x01027000 \SystemRoot\system32\DRIVERS\storport.sys
0x0108A000 \SystemRoot\system32\drivers\amdxata.sys
0x01095000 \SystemRoot\system32\drivers\fltmgr.sys
0x010E1000 \SystemRoot\system32\drivers\fileinfo.sys
0x0121B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010F5000 \SystemRoot\System32\Drivers\msrpc.sys
0x013BE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01153000 \SystemRoot\System32\Drivers\cng.sys
0x013D9000 \SystemRoot\System32\drivers\pcw.sys
0x013EA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014E5000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\aswNdis2.sys
0x014A1000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0163D000 \SystemRoot\System32\drivers\tcpip.sys
0x01841000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0188B000 \SystemRoot\system32\DRIVERS\scmndisp.sys
0x01895000 \SystemRoot\system32\DRIVERS\aswNdis.sys
0x0189C000 \SystemRoot\system32\drivers\volsnap.sys
0x018E8000 \SystemRoot\System32\Drivers\spldr.sys
0x018F0000 \SystemRoot\System32\drivers\rdyboost.sys
0x0192A000 \SystemRoot\System32\Drivers\mup.sys
0x0193C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01945000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0197F000 \SystemRoot\system32\DRIVERS\disk.sys
0x01995000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019C5000 \SystemRoot\system32\DRIVERS\AtiPcie64.sys
0x02CD1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02CFB000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x02D68000 \SystemRoot\System32\Drivers\Null.SYS
0x02D71000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D78000 \SystemRoot\System32\drivers\vga.sys
0x02D86000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02DAB000 \SystemRoot\System32\drivers\watchdog.sys
0x02DBB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02DC4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02DCD000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02DD6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02DE1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02C22000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C2F000 \SystemRoot\System32\Drivers\aswFW.SYS
0x02C51000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x04859000 \SystemRoot\system32\drivers\afd.sys
0x048E2000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x048EC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04931000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0493A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04960000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04976000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04985000 \??\C:\Windows\SysWOW64\drivers\WMDrive.sys
0x0499E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x049B9000 \SystemRoot\system32\drivers\termdd.sys
0x04800000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x049CD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x049D9000 \SystemRoot\system32\drivers\mssmbios.sys
0x049E4000 \SystemRoot\System32\drivers\discache.sys
0x01600000 \SystemRoot\System32\Drivers\dfsc.sys
0x02C61000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x015D8000 \SystemRoot\System32\Drivers\aswSP.SYS
0x011C5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0161E000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x04AAA000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04C11000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04AF5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04A46000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05847000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x05943000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05950000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x059A7000 \SystemRoot\SysWOW64\drivers\Afc.sys
0x059B0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x059BD000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x056D1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x05727000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x05734000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05745000 \SystemRoot\system32\drivers\1394ohci.sys
0x05783000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0578C000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0579C000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x0579F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x057B8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x057C1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x057D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0560C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0563B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05656000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05677000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05691000 \SystemRoot\system32\drivers\kbdclass.sys
0x056A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x056AF000 \SystemRoot\system32\drivers\swenum.sys
0x05800000 \SystemRoot\system32\drivers\ks.sys
0x056B1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x07446000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x074A0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x074AD000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x074B5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x074CA000 \SystemRoot\system32\drivers\AtihdW76.sys
0x074EA000 \SystemRoot\system32\drivers\portcls.sys
0x07527000 \SystemRoot\system32\drivers\drmk.sys
0x07549000 \SystemRoot\system32\drivers\ksthunk.sys
0x080A1000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x082FE000 \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys
0x08000000 \SystemRoot\system32\DRIVERS\udfs.sys
0x08055000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x08072000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x08074000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0808F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x083CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x083DC000 \SystemRoot\system32\DRIVERS\wdcsam64.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x083E0000 \SystemRoot\System32\drivers\Dxapi.sys
0x083EC000 \SystemRoot\system32\drivers\kbdhid.sys
0x0754F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00540000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\ATMFD.DLL
0x0755D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0756B000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x07575000 \SystemRoot\System32\Drivers\dump_amdsbs.sys
0x075BC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x008F0000 \SystemRoot\System32\cdd.dll
0x075CF000 \SystemRoot\system32\drivers\luafv.sys
0x07400000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x0741B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x07424000 \SystemRoot\system32\drivers\WudfPf.sys
0x059C8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02C72000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x059DD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x053E8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x075F2000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x070B8000 \SystemRoot\system32\drivers\HTTP.sys
0x07181000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x071B2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x071D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0704E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07CFF000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07D68000 \SystemRoot\System32\DRIVERS\srv.sys
0x07C00000 \SystemRoot\System32\Drivers\Sentinel64.sys
0x07C26000 \SystemRoot\system32\drivers\peauth.sys
0x07CCC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07CD7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07072000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07CE9000 \??\C:\Windows\system32\drivers\mbam.sys
0x070A3000 \??\C:\Users\waipahe\AppData\Local\Temp\aswMBR.sys
0x771F0000 \Windows\System32\ntdll.dll
0x47DD0000 \Windows\System32\smss.exe
0xFF510000 \Windows\System32\apisetschema.dll
0xFFFF0000 \Windows\System32\autochk.exe

Processes (total 85):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
468 csrss.exe
532 C:\Windows\System32\wininit.exe
568 csrss.exe
600 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\atiesrxx.exe
1008 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\svchost.exe
464 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1164 C:\Program Files\Tablet\Pen\Pen_TouchService.exe
1256 C:\Windows\System32\atieclxx.exe
1280 C:\Windows\System32\wisptis.exe
1364 C:\Windows\System32\svchost.exe
1488 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1496 C:\Windows\System32\wlanext.exe
1504 C:\Windows\System32\conhost.exe
1588 C:\Program Files\Alwil Software\Avast5\afwServ.exe
1984 C:\Windows\System32\spoolsv.exe
480 C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
2184 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
2204 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2296 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2332 C:\Windows\System32\svchost.exe
2356 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
2396 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
2452 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
2472 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2536 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
2572 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2596 C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe
2620 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
2648 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2720 C:\Windows\System32\svchost.exe
2764 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
2904 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
2936 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
2972 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3024 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
1744 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2616 C:\Windows\System32\wisptis.exe
2844 C:\Windows\System32\dwm.exe
3248 C:\Windows\System32\svchost.exe
3276 C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
3344 C:\Windows\explorer.exe
3352 C:\Windows\System32\taskhost.exe
3412 WUDFHost.exe
3520 C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
3548 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
3580 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
3592 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
3628 C:\Windows\System32\SearchIndexer.exe
2672 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
348 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
1208 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
3312 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
3840 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
3976 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2788 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
4140 C:\Program Files\Windows Media Player\wmpnetwk.exe
4664 C:\Windows\System32\svchost.exe
4796 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
452 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
972 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3472 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4716 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
2880 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
5844 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
5660 C:\Windows\System32\svchost.exe
5012 C:\Windows\notepad.exe
4972 C:\Windows\SysWOW64\ctfmon.exe
7204 C:\Windows\System32\audiodg.exe
8100 WmiPrvSE.exe
7952 C:\Windows\System32\SearchProtocolHost.exe
7352 C:\Windows\System32\SearchFilterHost.exe
6488 C:\Users\waipahe\Downloads\MBRCheck.exe
7284 C:\Windows\System32\conhost.exe
8080 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000015a`00f00000 (NTFS)
\\.\M: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD15EARS-60MVWB0, Rev: 51.0
PhysicalDrive1 Model Number: WDMy Book 1110, Rev: 2003

Size Device Name MBR Status
--------------------------------------------
1397 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: F619F3E2D495B6C957B812DFE8961C780D57667B
930 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the screenshot please :)

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
waipahe

waipahe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Could you attach the screenshot please :)


Sorry here you go.

Attached Thumbnails

  • Capture.JPG

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ta that appears to rule out one specific infection
  • 0

#9
waipahe

waipahe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi there!

Logging on from my wife's pc. I finished running the combofix and it rebooted the system, however once the combofix log was completed and I tried to get back on to the internet (via firefox) this is the message I encountered.

"C:WProgram Files (x86)WMozilla FirefoxWFirefox.exe" (Please note that the "W"'s have lines going through them)
"Illegal operation attempted on a registry key that has been marked for deletion"

I tried to open the log and tried to save it, however, the same message popped up only change was the application name I was trying to open or access was replaced. Not sure what to do now. I am not able to move anywhere, I have not rebooted the computer yet. Standing by for your instructions. Thanks!
  • 0

#10
waipahe

waipahe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, I rebooted the system and was able to get back on.... obviously. Here is the combofix txt file.

Computer seems to running ok, is there a way to tell if this nasty virus is still on my pc?

ComboFix 11-12-15.02 - waipahe 12/15/2011 12:10:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.5951 [GMT -10:00]
Running from: c:\users\waipahe\Downloads\ComboFix.exe
AV: avast! Internet Security *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
C:\Thumbs.db
c:\users\waipahe\AppData\Roaming\chrtmp
c:\users\waipahe\AppData\Roaming\inst.exe
c:\users\waipahe\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\SysWow64\xTab2003.ocx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 20:41 . 2011-12-15 20:41 -------- d-----w- C:\_OTL
2011-12-14 18:25 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 18:25 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 18:25 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 18:25 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 18:25 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 18:25 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 08:02 . 2010-05-06 20:33 22096 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-14 08:02 . 2010-05-06 20:39 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-14 08:02 . 2010-05-06 20:41 424016 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-14 08:02 . 2010-05-06 20:41 124496 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-12-14 08:00 . 2010-05-06 20:40 250448 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-12-14 08:00 . 2010-05-06 20:34 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-14 08:00 . 2010-05-06 20:39 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-14 08:00 . 2010-05-06 20:34 63568 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-14 07:59 . 2010-03-19 20:10 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-12-14 07:59 . 2010-05-06 20:59 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-14 02:05 . 2011-12-14 02:05 -------- d-----w- c:\program files (x86)\STOPzilla!
2011-12-14 02:05 . 2011-12-14 02:05 -------- d-----w- c:\program files (x86)\Common Files\iS3
2011-12-14 02:05 . 2011-12-14 08:12 -------- d-----w- c:\programdata\STOPzilla!
2011-12-14 01:45 . 2011-12-14 01:45 -------- d-----we c:\windows\system64
2011-12-13 18:35 . 2011-12-13 18:35 -------- d-----w- c:\users\waipahe\AppData\Local\HuluDesktop
2011-12-13 17:14 . 2011-11-30 12:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57121DA7-3755-4AA5-8789-9D3C051FAE3C}\mpengine.dll
2011-12-08 03:12 . 2011-12-08 03:12 68648 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2011-12-08 03:12 . 2011-12-08 03:12 547880 ----a-r- c:\windows\SysWow64\SZComp5.dll
2011-12-08 03:12 . 2011-12-08 03:12 482344 ----a-r- c:\windows\SysWow64\SZBase5.dll
2011-12-08 03:12 . 2011-12-08 03:12 457768 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2011-12-08 03:12 . 2011-12-08 03:12 30248 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2011-12-08 03:12 . 2011-12-08 03:12 24616 ----a-r- c:\windows\SysWow64\SZIO5.dll
2011-12-08 03:12 . 2011-12-08 03:12 134184 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2011-12-08 03:12 . 2011-12-08 03:12 740392 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2011-12-08 03:12 . 2011-12-08 03:12 392232 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2011-12-08 03:12 . 2011-12-08 03:12 232488 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2011-12-08 03:12 . 2011-12-08 03:12 105512 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2011-12-08 03:12 . 2011-12-08 03:12 101416 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 08:07 . 2011-06-01 08:42 2880 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-16 00:29 . 2011-08-29 18:32 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-11 18:33 . 2011-05-31 18:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 16:29 . 2011-11-09 16:35 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-26 21:21 . 2011-09-26 21:21 74768 ----a-r- c:\windows\SysWow64\drivers\SZKG64.sys
2011-09-26 21:21 . 2011-09-26 21:21 74768 ----a-r- c:\windows\SysWow64\drivers\is3srv64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DIMDownloading your update...1300677038363"="c:\program files (x86)\Corel\CorelDRAW Graphics Suite X5\Draw\DIM.exe" [2010-05-21 95592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-23 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-10-7 4577760]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-22 85560]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-20 272864]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-08 1431888]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S1 WMDrive;WMDrive;c:\windows\SysWOW64\drivers\WMDrive.sys [2011-03-30 92536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-05-06 119200]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 RipCore;RipCore;c:\program files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe [2011-08-24 2102680]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-22 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\HPCeeScheduleForWAIPAHE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2011-12-12 c:\windows\Tasks\HPCeeScheduleForwaipahe.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-21 20:41 308736 ----a-w- c:\program files\WinMount\WinMTExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-05-06 20:59 174832 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF9807.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15007
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\waipahe\AppData\Roaming\Mozilla\Firefox\Profiles\djnn73c1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-12-15 12:22:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 22:22
.
Pre-Run: 1,300,528,648,192 bytes free
Post-Run: 1,300,179,255,296 bytes free
.
- - End Of File - - B5264F24943BB119F8A5AA37AA4A7584

Attached Files


  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks a lot better - lets sweep for orphans now... Combofix failed to release the registry which is why a reboot was required to allow your programmes to run

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#12
waipahe

waipahe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Good Morning ! Below is the log requested. No infections were found. Thanks!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8381

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/16/2011 8:59:21 AM
mbam-log-2011-12-16 (08-59-21).txt

Scan type: Quick scan
Objects scanned: 177181
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now - Any problems ?
  • 0

#14
waipahe

waipahe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It seems to be running well at the moment.....hoping it will stay this way? LOL! I wanna thank you for ALL of your help and expertise! You and the rest that help us on this forum are LIFESAVERS! :thumbsup: I mean that. Thanks again Essexboy! Aloha!
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP