Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacked Browsing

Started by thepsilocybevibe , Dec 17 2011 04:49 PM

  • Please log in to reply

#1
thepsilocybevibe
Posted 17 December 2011 - 04:49 PM

thepsilocybevibe

    Member

  • Member
  • PipPip
  • 22 posts
Hello!

I believe I've been hijacked. Every so often, I try to access one website but am taken to another. This happens when I navigate to the page either directly or through a search engine like Google. I just had a problem with "Vista Security 2012." I downloaded a registry fix and was able to browse the internet again but I don't know if I completely fixed the problem. I ran Malwarebytes like I usually do and it says my system is clean. But my Firefox browser is still hijacked. I ran OTL and post the log here for your review. Many thanks for your time!


OTL Log:



OTL logfile created on: 12/17/2011 2:26:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lawrence\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.64% Memory free
4.23 Gb Paging File | 2.31 Gb Available in Paging File | 54.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 16.09 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 14.60 Gb Free Space | 28.41% Space Free | Partition Type: NTFS

Computer Name: LAWRENCE-PC | User Name: Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/17 14:25:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lawrence\Downloads\OTL.exe
PRC - [2011/12/16 06:54:17 | 000,508,928 | ---- | M] () -- C:\Windows\svcs.exe
PRC - [2011/11/08 22:59:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/24 18:56:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/19 01:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/14 05:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/01/26 22:55:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/26 22:55:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/20 01:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/03 23:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/03 23:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/01/18 23:33:19 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/08 22:59:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:34:08 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/13 02:34:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:33:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 02:32:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 02:31:58 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:31:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 02:30:50 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 02:30:23 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/17 21:11:49 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/04 03:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/02/14 05:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2011/01/26 22:12:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010/07/06 20:26:46 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/06/03 23:55:20 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/16 06:54:17 | 000,508,928 | ---- | M] () [Auto | Running] -- C:\Windows\svcs.exe -- (NetworkLog)
SRV - [2011/11/09 17:47:46 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/19 01:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/26 22:55:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/04 13:15:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/12/16 15:50:32 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{331F5D0B-A6DA-48B7-9C32-7E699FCF1966}\MpKsl8e432ab8.sys -- (MpKsl8e432ab8)
DRV - [2011/12/15 22:20:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{331F5D0B-A6DA-48B7-9C32-7E699FCF1966}\MpKsl7f412780.sys -- (MpKsl7f412780)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/19 01:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2011/08/19 01:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/05/27 14:22:17 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/14 06:59:03 | 000,075,264 | ---- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/01/26 23:36:16 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 22:13:12 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/05/06 01:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/22 02:04:40 | 000,262,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/04 01:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 01:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 01:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 01:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 01:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 01:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 01:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 01:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 01:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 01:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 01:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 01:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 01:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 01:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/12/26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/01/18 06:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15007
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/10 21:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/24 18:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 17:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/23 17:42:01 | 000,000,000 | ---D | M]

[2010/09/25 12:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions
[2010/09/25 12:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/12 22:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions
[2011/04/13 16:05:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/11/08 22:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/24 18:56:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/08 22:59:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 11:07:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:59:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [{67660D82-8B53-D17F-473A-5B4D38BA2AE4}] C:\Users\Lawrence\AppData\Roaming\Yzadog\ukymemd.exe ()
O4 - HKCU..\Run: [Animated Wallpaper] C:\Users\Lawrence\Downloads\gray_storm_demo.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = File not found
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE6CDB5-71B4-4D45-A708-1332C0E8B3AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - (C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll) - File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Lawrence\AppData\Local\stardock\deskwall.bmp
O24 - Desktop BackupWallPaper: C:\Users\Lawrence\AppData\Local\stardock\deskwall.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5ef86691-924a-11e0-a51b-6c626d4ca3bf}\Shell - "" = AutoRun
O33 - MountPoints2\{5ef86691-924a-11e0-a51b-6c626d4ca3bf}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O33 - MountPoints2\{c07d90f3-ec9a-11e0-8ae3-6c626d4ca3bf}\Shell - "" = AutoRun
O33 - MountPoints2\{c07d90f3-ec9a-11e0-8ae3-6c626d4ca3bf}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O33 - MountPoints2\{fea31454-a338-11df-8755-6c626d4ca3bf}\Shell\open\command - "" = F:\USER-368F2FDD2D\USER-368F2FDD2D\USER-368F2FDD2Dv12
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 07:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2011/12/13 07:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Firestorm-Release
[2011/12/10 20:42:56 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\Documents\FullReport.do_files
[2011/12/10 03:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/12/09 01:33:26 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Local\Logitech® Webcam Software
[2011/12/09 01:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011/12/09 01:11:17 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Roaming\Leadertech
[2011/12/09 01:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011/12/09 01:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/12/09 01:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/12/09 01:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/12/09 01:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/12/06 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\Documents\loadUCPPage.do_files
[2011/11/23 17:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/23 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/23 17:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/23 17:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/23 17:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/23 17:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/06/03 23:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/03 23:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/17 13:50:25 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 13:50:25 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 16:58:49 | 000,642,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/16 16:58:49 | 000,119,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/16 15:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 15:50:19 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 15:49:49 | 161,407,053 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/16 06:54:17 | 000,508,928 | ---- | M] () -- C:\Windows\svcs.exe
[2011/12/15 22:04:57 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/15 22:04:57 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/15 22:04:57 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/15 21:56:36 | 000,000,930 | ---- | M] () -- C:\Users\Lawrence\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/15 21:56:36 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 21:48:30 | 000,207,872 | ---- | M] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 21:25:53 | 000,011,630 | -HS- | M] () -- C:\Users\Lawrence\AppData\Local\657405y0j711t125n073v2rlu0r2
[2011/12/15 21:25:53 | 000,011,630 | -HS- | M] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2
[2011/12/15 03:22:54 | 000,262,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 07:16:54 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/12 09:26:54 | 000,000,913 | ---- | M] () -- C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/12/10 20:42:56 | 000,359,979 | ---- | M] () -- C:\Users\Lawrence\Documents\FullReport.do.htm
[2011/12/09 15:10:29 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/09 01:07:44 | 000,001,473 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/12/06 09:32:51 | 000,012,924 | ---- | M] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.pdf
[2011/12/06 09:32:09 | 000,012,812 | ---- | M] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.htm
[2011/12/02 12:10:11 | 000,072,960 | ---- | M] () -- C:\Users\Lawrence\Desktop\Untitled 1.pdf
[2011/12/02 10:15:14 | 000,028,816 | ---- | M] () -- C:\Users\Lawrence\Documents\Untitled 1.odt
[2011/11/23 17:41:55 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/16 06:54:16 | 000,508,928 | ---- | C] () -- C:\Windows\svcs.exe
[2011/12/15 21:56:36 | 000,000,930 | ---- | C] () -- C:\Users\Lawrence\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/15 21:56:36 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 21:20:02 | 000,011,630 | -HS- | C] () -- C:\Users\Lawrence\AppData\Local\657405y0j711t125n073v2rlu0r2
[2011/12/15 21:20:02 | 000,011,630 | -HS- | C] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2
[2011/12/13 07:16:54 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/12 17:02:05 | 161,407,053 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/12 09:26:54 | 000,000,913 | ---- | C] () -- C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/12/10 20:42:54 | 000,359,979 | ---- | C] () -- C:\Users\Lawrence\Documents\FullReport.do.htm
[2011/12/09 01:07:44 | 000,001,473 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/12/06 09:32:50 | 000,012,924 | ---- | C] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.pdf
[2011/12/06 09:32:05 | 000,012,812 | ---- | C] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.htm
[2011/12/02 12:10:08 | 000,072,960 | ---- | C] () -- C:\Users\Lawrence\Desktop\Untitled 1.pdf
[2011/11/23 17:41:55 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/23 17:38:02 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/24 18:59:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/24 18:59:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/19 01:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 01:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 01:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/25 22:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/18 13:08:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ps3sixaxis_en.exe
[2011/06/18 13:05:46 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011/06/15 15:04:52 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/18 10:26:07 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2011/04/18 10:24:27 | 000,179,734 | ---- | C] () -- C:\Windows\hpwins14.dat
[2011/04/18 10:24:27 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2011/02/27 03:12:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/26 21:49:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/26 21:49:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/25 01:42:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/31 18:04:42 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/12/21 02:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/17 16:00:46 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/11 12:20:33 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/19 08:30:40 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT_U.INI
[2010/08/19 08:30:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MSHRES_U.DLL
[2010/08/12 02:44:21 | 000,207,872 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 14:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/04 13:15:04 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/08/04 13:15:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/08/04 12:38:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/04 11:59:26 | 000,000,680 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\d3d9caps.dat
[2010/07/06 17:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/06/04 00:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 00:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 23:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/03 23:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/03 23:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/03 23:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/03 23:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/03 23:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,262,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,642,462 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,119,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/23 16:49:08 | 000,000,000 | -HSD | M] -- C:\Users\Lawrence\AppData\Roaming\.#
[2010/08/04 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\acccore
[2011/05/26 23:22:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Avnex
[2010/09/03 16:34:25 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Barnes & Noble
[2011/12/01 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\BitTorrent
[2010/09/06 14:13:54 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Canneverbe Limited
[2011/05/15 17:58:35 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/03 09:32:59 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\DAEMON Tools Lite
[2011/08/03 09:32:59 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\DAEMON Tools Pro
[2011/05/30 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Firestorm
[2011/10/18 03:13:39 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\fltk.org
[2010/09/26 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\GetRightToGo
[2011/10/04 00:54:32 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\gtk-2.0
[2011/06/29 17:02:45 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Imprudence
[2010/08/14 16:20:03 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Individual Software
[2011/10/12 22:57:42 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\InWorldz
[2011/12/09 01:11:17 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Leadertech
[2010/08/19 07:06:52 | 000,000,000 | -HSD | M] -- C:\Users\Lawrence\AppData\Roaming\lowsec
[2011/08/14 11:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\MH GED
[2011/12/17 14:30:11 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Mieq
[2011/06/03 14:29:34 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\musicjacker
[2010/08/14 16:29:28 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\OpenOffice.org
[2010/08/13 10:23:33 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Propellerhead Software
[2011/08/31 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\SecondLife
[2011/01/31 18:02:48 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Stardock
[2011/07/11 17:57:05 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\uPlayer
[2010/08/15 02:06:12 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\VirtuaWin
[2011/11/15 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Yzadog
[2011/12/15 22:04:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2158 bytes -> C:\Windows\System32\drivers\afzdbcea.sys:changelist

< End of report >












Extras:


OTL Extras logfile created on: 12/17/2011 2:26:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lawrence\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.64% Memory free
4.23 Gb Paging File | 2.31 Gb Available in Paging File | 54.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 16.09 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 14.60 Gb Free Space | 28.41% Space Free | Partition Type: NTFS

Computer Name: LAWRENCE-PC | User Name: Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C6366BD-BCF8-4C78-BFB0-8A55FD02E546}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C0E159CC-0D57-4866-9FD9-56BB520706A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBAB7E9D-C1A8-4E7E-99A7-63EAC59A9C15}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0000ADA4-82F4-4AA8-AE49-921448989FFF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0A6DD4F8-A653-42BA-907C-7E79B426EF15}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1C8A1EF5-C3FA-4D23-8DB8-C94151929EF9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\counterstrike source beta\hl2.exe |
"{21CFA925-8753-4F7C-90B9-0E5802871739}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\counterstrike source beta\hl2.exe |
"{22CC0896-E5E5-4446-B18E-7460DD2C32E0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2FCE2A2A-BDD0-4884-A20D-AC407A03B40B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3967AF4F-9275-4333-80AE-A2020F2113A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{408034A6-0CDB-450F-836C-BB93D8A818B6}" = protocol=6 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |
"{4C271AF1-A18C-4680-8E0C-AA493C7A122E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{51210A08-D2B6-4461-ABD2-2BA859F1F24E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress classic\hl.exe |
"{55391DB2-4650-407A-A6D6-805F1C59C138}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{5E28F352-B56C-4E02-BB84-7E4C434BA3A1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\day of defeat source\hl2.exe |
"{6E8AA84B-4884-41CF-9D2B-4E5B935B8DDE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{7EE56860-8595-4E2C-826E-CD18D2AD3136}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9E4CE849-03B0-4B72-B052-744B214610B1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A0B185BF-33C0-4539-AEE5-D13873351A95}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\day of defeat source\hl2.exe |
"{A2B9BDC3-8E15-487B-8797-EB5D4037477E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{AF491A84-203E-44A7-AD1D-BB14AC24E8A9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\half-life\hl.exe |
"{B660E0F8-05AB-4C69-BE55-ACED870D97EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD0E6ACE-D8AB-40E3-A04E-31303CB43D0C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{D26033F9-B851-4187-A467-AEC9D133D7ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\half-life\hl.exe |
"{E5EC88E2-F387-4A68-84F0-F48E603F8A31}" = protocol=17 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |
"{F51696B5-3986-4295-AEE7-1F411510E704}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{F59F6BF5-CF70-4680-8BA7-961730F2D91F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress classic\hl.exe |
"{FBD35036-377D-49DB-AD0C-DBC35B546631}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FC1571BB-F3BE-45AE-9C5D-E2CB102D7B71}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{02DB324F-C308-4331-974F-F6BE692E80D4}C:\program files\secondlifeviewer2\slplugin.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slplugin.exe |
"TCP Query User{04F28D6D-D631-45EC-AD64-5569440557ED}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{05CE8715-0F97-4CE6-8035-FF156D8FC5E7}C:\program files\firestorm-beta-mesh\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\firestorm-beta-mesh\slvoice.exe |
"TCP Query User{090CA08A-0B53-4884-9A2C-010897A9B4A3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{12D7075C-EB51-43DF-8B2E-108AFCDA42B2}C:\program files\firestorm-release\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\firestorm-release\slvoice.exe |
"TCP Query User{19BDD935-B2BE-4191-AA88-FB0D02A84A7D}C:\program files\firestorm-preview\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\firestorm-preview\slvoice.exe |
"TCP Query User{23C00775-7382-4759-A8D0-FA8AB094A1D6}E:\win32\launcher\dist\launch.exe" = protocol=6 | dir=in | app=e:\win32\launcher\dist\launch.exe |
"TCP Query User{2E085DEF-979C-46EF-8882-A180A25223C2}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{3322B553-C620-4533-9813-7C112FDAA9D6}C:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe |
"TCP Query User{3920A0E0-6A0E-4B8E-92BD-83FAABAC23F9}C:\users\lawrence\desktop\darklife 2\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\users\lawrence\desktop\darklife 2\secondlife\slvoice.exe |
"TCP Query User{3B318306-F89D-42CC-8E62-F93E7660450E}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{4C96BB9E-C13D-4299-BB98-62C37ACBF36A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5C20FDEB-2C5C-4463-921F-FDC349894870}C:\program files\steam\steamapps\respawnsodomy\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\half-life 2 deathmatch\hl2.exe |
"TCP Query User{76CBCB85-B252-488A-886C-D56C1011B55A}C:\users\lawrence\saved games\dark life\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\users\lawrence\saved games\dark life\secondlife\slvoice.exe |
"TCP Query User{801A9ACD-32E9-4B6F-B4C6-B3F8CCE09363}C:\program files\phoenix viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"TCP Query User{8C4A110C-B7F8-4043-AAE0-0DE909DD6F84}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8EDCD710-90DE-434D-B412-C0C402F46E39}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{90C799BB-208D-4325-AFDF-8A6B9738A9FA}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{958EAF10-BE67-490E-A877-A27210346C23}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{9824A96A-5B78-4848-B241-892575400D96}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A4A35F82-DF32-4B5D-803F-8BC04AD33400}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B481D310-D5D0-4714-B4B0-73616EB019DE}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B846EC43-7419-4C72-8C32-1F4901DD94CA}C:\program files\emerald viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\emerald viewer\slvoice.exe |
"TCP Query User{B9D682FB-4FE2-44AD-84AC-F1B6885406F7}C:\program files\singularityviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\singularityviewer\slvoice.exe |
"TCP Query User{BACDC3A8-3E61-469B-AC31-5D2C25E1CC8D}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{C4772A0F-740A-4B38-A7C0-5818E74CE853}C:\program files\phoenix viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"TCP Query User{C944CF21-55DC-4338-82BE-59F44CF6F2C7}C:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe |
"TCP Query User{D9865131-7C40-443D-842E-6D95F528F08E}C:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe |
"TCP Query User{DACE4FFF-0962-423A-9910-7F35C2491597}C:\program files\incognito\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\incognito\slvoice.exe |
"TCP Query User{E26FC98F-96A4-4504-932E-BB6ADC1B5922}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{E98FE8DF-09D5-49EC-AE18-4F1A1BD593B5}C:\program files\3dchat\client.exe" = protocol=6 | dir=in | app=c:\program files\3dchat\client.exe |
"TCP Query User{FDE83EE2-B8C9-4AA3-9BAF-6C1B49E08B34}C:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe |
"UDP Query User{1A6A67AE-2CD7-4590-94BD-B02C648CD4F8}C:\program files\singularityviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\singularityviewer\slvoice.exe |
"UDP Query User{212B932A-1BBD-4322-8601-44D168B93599}C:\program files\phoenix viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"UDP Query User{246B1DB1-0EBA-433C-A91C-576204726993}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{3D7CF850-BADC-48D5-AC83-66F78E73BB4F}C:\program files\phoenix viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"UDP Query User{4FE8B33D-DCCC-4C95-A930-3831C9471376}C:\users\lawrence\saved games\dark life\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\users\lawrence\saved games\dark life\secondlife\slvoice.exe |
"UDP Query User{512D93D2-C6F1-4AA8-9861-300F84EB1188}C:\program files\3dchat\client.exe" = protocol=17 | dir=in | app=c:\program files\3dchat\client.exe |
"UDP Query User{521F585A-1EE7-4384-8630-B8C890235C51}C:\program files\incognito\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\incognito\slvoice.exe |
"UDP Query User{5341D996-DCE8-4E5E-81B6-3E49F27A490A}C:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe |
"UDP Query User{632D6624-5C73-4A8D-B70F-3A02D687973B}C:\program files\emerald viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\emerald viewer\slvoice.exe |
"UDP Query User{646FD486-6A8D-4AAC-86FC-0D5CDA8EC8C4}C:\program files\firestorm-release\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\firestorm-release\slvoice.exe |
"UDP Query User{684F71AC-34D4-4C70-B140-85F1C887894B}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{717329D5-E5C3-4EF8-B8A0-074CF540983C}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{7422736D-E2D8-451E-90A4-37469314AEE2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{750DB535-5B02-45DE-A07B-ED7D6A6E6FA0}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{7982D860-0A0F-466B-936F-AC2E78F160F1}C:\program files\firestorm-beta-mesh\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\firestorm-beta-mesh\slvoice.exe |
"UDP Query User{7C7D79C8-A510-4FAE-982D-5F208CABD4AF}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{7E4DCC07-E6EE-40E6-B400-EBAF53E5AACA}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{82D05BFA-0FFD-43C1-BC8C-AF241182332B}E:\win32\launcher\dist\launch.exe" = protocol=17 | dir=in | app=e:\win32\launcher\dist\launch.exe |
"UDP Query User{834EFCEE-B656-4AF4-9135-C9007E0990ED}C:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe |
"UDP Query User{85045E0B-AC65-4F31-A7F1-7230587A107B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{870FC149-BC9A-4AE5-B803-D8E06730F6A9}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{A55E5BFC-DA1D-4E87-97BE-A9A679519DB9}C:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe |
"UDP Query User{A9F94606-745A-4B1E-B224-59E32413FED5}C:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe |
"UDP Query User{AD85442D-7E38-40B3-8D92-428E6F9B7E4E}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{BB2C3925-FE8B-4AF1-99CE-DBC6083BDF38}C:\users\lawrence\desktop\darklife 2\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\users\lawrence\desktop\darklife 2\secondlife\slvoice.exe |
"UDP Query User{C6004BB5-F788-455C-AEC6-489CCDBAE200}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{CA193461-FCE6-4DB9-B067-E7F0F1EB6E4F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D1B605BB-683B-4F09-9DCE-849009DAEA66}C:\program files\steam\steamapps\respawnsodomy\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\half-life 2 deathmatch\hl2.exe |
"UDP Query User{D57830F1-AD42-40B8-B3A3-D5D97468E62B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DC00B877-D8D3-46D7-A2FC-01900602A574}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{DEB00285-B9EF-4C03-830F-F1D4EDB9FBE5}C:\program files\firestorm-preview\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\firestorm-preview\slvoice.exe |
"UDP Query User{FAD87EB3-3846-4C56-AB6F-4DCF57AACF38}C:\program files\secondlifeviewer2\slplugin.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.1102
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77EC0035-AFBA-4A8C-814A-6A887224C1A1}" = DeskScapes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E52BFE61-E0FF-11D6-9D69-00065BABCB42}" = Reason
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ED8A2334-84CB-4AE0-80C5-7E26F9610AA0}_is1" = Incognito version Summer 2011
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"BitTorrent" = BitTorrent
"Blender" = Blender
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DAEMON Tools Lite" = DAEMON Tools Lite
"DeskScapes" = DeskScapes
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup" = DivX Setup
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Firestorm-Beta-Mesh" = Firestorm-Beta-Mesh (remove only)
"Firestorm-Preview" = Firestorm-Preview (remove only)
"Firestorm-Release" = Firestorm-Release (remove only)
"GoldWave v5.24" = GoldWave v5.24
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HTC_WModemDriver" = WModem Driver Installer
"IconPackager" = IconPackager
"InstallShield_{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.9 (Basic)
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MKV Player_is1" = MKV Player 2.0
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NOOK Study" = NOOK Study
"OpenAL" = OpenAL
"RealPlayer 12.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"ResumeMaker" = ResumeMaker
"Search Toolbar" = Search Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 215" = Source SDK Base 2006
"Steam App 260" = Counter-Strike: Source Beta
"VirtuaWin_is1" = VirtuaWin v4.2
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 5 (32-bit)
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2011 4:05:39 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0x2940, application
start time 0x01ccbcf6809ae6bd.

Error - 12/17/2011 4:10:56 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0x2a64, application
start time 0x01ccbcf76530a2a4.

Error - 12/17/2011 4:15:59 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0x1ec4, application
start time 0x01ccbcf82299304a.

Error - 12/17/2011 4:58:05 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0x2ae8, application
start time 0x01ccbcfdde9af1d4.

Error - 12/17/2011 5:36:22 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0x23b0, application
start time 0x01ccbd03c3700114.

Error - 12/17/2011 5:55:45 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0xe6c, application
start time 0x01ccbd06623e88ef.

Error - 12/17/2011 6:01:01 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0xadc, application
start time 0x01ccbd06c6ff1795.

Error - 12/17/2011 6:07:00 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0x15b4, application
start time 0x01ccbd07f7ecd512.

Error - 12/17/2011 6:16:51 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0x2540, application
start time 0x01ccbd08b165fb8b.

Error - 12/17/2011 6:23:52 PM | Computer Name = Lawrence-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0x10fc, application
start time 0x01ccbd09bf12f710.

[ System Events ]
Error - 12/16/2011 2:21:11 AM | Computer Name = Lawrence-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%858

Error - 12/16/2011 2:21:11 AM | Computer Name = Lawrence-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 12/16/2011 10:54:18 AM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/16/2011 7:50:22 PM | Computer Name = Lawrence-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:43:58 PM on 12/16/2011 was unexpected.

Error - 12/16/2011 7:51:38 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12/16/2011 7:51:38 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/16/2011 7:51:38 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/16/2011 7:52:02 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/16/2011 7:52:21 PM | Computer Name = Lawrence-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/16/2011 7:52:21 PM | Computer Name = Lawrence-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892


< End of report >
  • 0

Advertisements

#2
RKinner
Posted 17 December 2011 - 06:21 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
  • 0

#3
thepsilocybevibe
Posted 17 December 2011 - 10:03 PM

thepsilocybevibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks for the quick response!

I followed all the steps. Here are the logs. Screenshot of Computer Management is attached. Thanks!




Combofix:



ComboFix 11-12-17.05 - Lawrence 12/17/2011 18:18:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.859 [GMT -8:00]
Running from: c:\users\Lawrence\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\tbhelper.dll
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
c:\users\Lawrence\AppData\Roaming\.#
c:\users\Lawrence\AppData\Roaming\.#\MBX@324@3D2778.###
c:\users\Lawrence\AppData\Roaming\.#\MBX@324@3D27A8.###
c:\users\Lawrence\AppData\Roaming\Yzadog\ukymemd.exe
c:\windows\security\Database\tmp.edb
c:\windows\svcs.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NetworkLog
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 02:29 . 2011-12-18 02:29 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\offreg.dll
2011-12-17 23:58 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\mpengine.dll
2011-12-15 00:05 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:05 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 00:05 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 00:05 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 00:05 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 00:05 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 00:05 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 15:15 . 2011-12-13 15:16 -------- d-----w- c:\program files\Firestorm-Release
2011-12-10 11:00 . 2011-12-10 11:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-12-09 09:33 . 2011-12-09 09:33 -------- d-----w- c:\users\Lawrence\AppData\Local\Logitech® Webcam Software
2011-12-09 09:12 . 2011-12-09 09:12 -------- d-----w- c:\programdata\LogiShrd
2011-12-09 09:11 . 2011-12-09 09:11 -------- d-----w- c:\users\Lawrence\AppData\Roaming\Leadertech
2011-12-09 09:11 . 2011-12-09 09:11 53248 ----a-r- c:\users\Lawrence\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-09 09:08 . 2011-12-09 09:08 -------- d-----w- c:\programdata\Logitech
2011-12-09 09:08 . 2011-12-09 09:08 -------- d-----w- c:\program files\Common Files\LWS
2011-12-09 09:07 . 2011-12-09 09:11 -------- d-----w- c:\program files\Logitech
2011-12-09 09:07 . 2011-12-09 09:13 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-11-24 01:36 . 2011-11-24 01:36 -------- d-----w- c:\program files\iPod
2011-11-24 01:36 . 2011-11-24 01:37 -------- d-----w- c:\program files\iTunes
2011-11-24 01:31 . 2011-11-24 01:31 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-02-25 18:27 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-11 02:10 . 2011-10-11 02:11 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9180A5BA-DDD5-4C82-BCE8-1C82DCC1BA63}\gapaengine.dll
2011-09-25 02:56 . 2011-09-25 02:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-25 02:56 . 2007-10-20 03:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-20 21:02 . 2011-11-08 22:33 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 06:59 . 2011-05-06 19:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 04:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-09-25 273528]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
.
c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [N/A]
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-04 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 176128]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-27 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-27 238592]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15007
uInternet Settings,ProxyOverride = local;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\oehiqy60.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
HKCU-Run-Animated Wallpaper - c:\users\Lawrence\Downloads\gray_storm_demo.exe
HKCU-Run-{67660D82-8B53-D17F-473A-5B4D38BA2AE4} - c:\users\Lawrence\AppData\Roaming\Yzadog\ukymemd.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
Notify-WBSrv - c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
AddRemove-ResumeMaker - c:\progra~1\RESUME~1\UNWISE.EXE
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1 - c:\program files\Phoenix Viewer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 18:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Animated Wallpaper = c:\users\Lawrence\Downloads\gray_storm_demo.exe???????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\System32\Ctxfihlp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\HPQKYGRP.EXE
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Completion time: 2011-12-17 18:38:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 02:38
.
Pre-Run: 19,125,116,928 bytes free
Post-Run: 20,717,957,120 bytes free
.
- - End Of File - - ACE844944DA31630FE24AFEE3F957502








TDSSKiller:



18:56:16.0954 1856 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:56:17.0317 1856 ============================================================
18:56:17.0317 1856 Current date / time: 2011/12/17 18:56:17.0317
18:56:17.0318 1856 SystemInfo:
18:56:17.0318 1856
18:56:17.0318 1856 OS Version: 6.0.6002 ServicePack: 2.0
18:56:17.0318 1856 Product type: Workstation
18:56:17.0318 1856 ComputerName: LAWRENCE-PC
18:56:17.0318 1856 UserName: Lawrence
18:56:17.0318 1856 Windows directory: C:\Windows
18:56:17.0318 1856 System windows directory: C:\Windows
18:56:17.0318 1856 Processor architecture: Intel x86
18:56:17.0318 1856 Number of processors: 2
18:56:17.0318 1856 Page size: 0x1000
18:56:17.0318 1856 Boot type: Normal boot
18:56:17.0318 1856 ============================================================
18:56:18.0126 1856 Initialize success
18:56:20.0801 1252 ============================================================
18:56:20.0801 1252 Scan started
18:56:20.0801 1252 Mode: Manual;
18:56:20.0801 1252 ============================================================
18:56:21.0422 1252 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:56:21.0424 1252 ACPI - ok
18:56:21.0496 1252 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:56:21.0499 1252 adp94xx - ok
18:56:21.0523 1252 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:56:21.0525 1252 adpahci - ok
18:56:21.0549 1252 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:56:21.0550 1252 adpu160m - ok
18:56:21.0567 1252 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:56:21.0569 1252 adpu320 - ok
18:56:21.0642 1252 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:56:21.0643 1252 AFD - ok
18:56:21.0683 1252 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:56:21.0683 1252 agp440 - ok
18:56:21.0715 1252 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:56:21.0716 1252 aic78xx - ok
18:56:21.0740 1252 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:56:21.0741 1252 aliide - ok
18:56:21.0857 1252 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:56:21.0858 1252 amdagp - ok
18:56:21.0867 1252 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:56:21.0868 1252 amdide - ok
18:56:21.0885 1252 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:56:21.0886 1252 AmdK7 - ok
18:56:21.0903 1252 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:56:21.0904 1252 AmdK8 - ok
18:56:22.0142 1252 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
18:56:22.0192 1252 amdkmdag - ok
18:56:22.0219 1252 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
18:56:22.0221 1252 amdkmdap - ok
18:56:22.0284 1252 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:56:22.0284 1252 arc - ok
18:56:22.0324 1252 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:56:22.0325 1252 arcsas - ok
18:56:22.0395 1252 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:56:22.0396 1252 AsyncMac - ok
18:56:22.0424 1252 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:56:22.0425 1252 atapi - ok
18:56:22.0528 1252 AtiHdmiService (e6530b7887652ad6ca32401483ae6766) C:\Windows\system32\drivers\AtiHdmi.sys
18:56:22.0529 1252 AtiHdmiService - ok
18:56:22.0591 1252 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:56:22.0591 1252 Beep - ok
18:56:22.0626 1252 blbdrive - ok
18:56:22.0677 1252 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:56:22.0677 1252 bowser - ok
18:56:22.0717 1252 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:56:22.0718 1252 BrFiltLo - ok
18:56:22.0745 1252 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:56:22.0746 1252 BrFiltUp - ok
18:56:22.0789 1252 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:56:22.0789 1252 Brserid - ok
18:56:22.0812 1252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:56:22.0813 1252 BrSerWdm - ok
18:56:22.0837 1252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:56:22.0837 1252 BrUsbMdm - ok
18:56:22.0859 1252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:56:22.0860 1252 BrUsbSer - ok
18:56:22.0889 1252 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:56:22.0890 1252 BTHMODEM - ok
18:56:22.0991 1252 catchme - ok
18:56:23.0090 1252 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:56:23.0091 1252 cdfs - ok
18:56:23.0161 1252 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:56:23.0162 1252 cdrom - ok
18:56:23.0196 1252 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:56:23.0197 1252 circlass - ok
18:56:23.0243 1252 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:56:23.0245 1252 CLFS - ok
18:56:23.0290 1252 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:56:23.0291 1252 cmdide - ok
18:56:23.0310 1252 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
18:56:23.0310 1252 Compbatt - ok
18:56:23.0334 1252 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:56:23.0334 1252 crcdisk - ok
18:56:23.0374 1252 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:56:23.0375 1252 Crusoe - ok
18:56:23.0432 1252 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\Windows\system32\drivers\CT20XUT.SYS
18:56:23.0433 1252 CT20XUT - ok
18:56:23.0468 1252 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\Windows\System32\drivers\CT20XUT.SYS
18:56:23.0469 1252 CT20XUT.SYS - ok
18:56:23.0506 1252 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\Windows\system32\drivers\ctac32k.sys
18:56:23.0509 1252 ctac32k - ok
18:56:23.0536 1252 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\Windows\system32\drivers\ctaud2k.sys
18:56:23.0540 1252 ctaud2k - ok
18:56:23.0576 1252 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\Windows\system32\drivers\ctdvda2k.sys
18:56:23.0579 1252 ctdvda2k - ok
18:56:23.0637 1252 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\system32\drivers\CTEXFIFX.SYS
18:56:23.0645 1252 CTEXFIFX - ok
18:56:23.0761 1252 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\System32\drivers\CTEXFIFX.SYS
18:56:23.0769 1252 CTEXFIFX.SYS - ok
18:56:23.0788 1252 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\system32\drivers\CTHWIUT.SYS
18:56:23.0789 1252 CTHWIUT - ok
18:56:23.0800 1252 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\System32\drivers\CTHWIUT.SYS
18:56:23.0801 1252 CTHWIUT.SYS - ok
18:56:23.0815 1252 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\Windows\system32\drivers\ctprxy2k.sys
18:56:23.0816 1252 ctprxy2k - ok
18:56:23.0838 1252 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\Windows\system32\drivers\ctsfm2k.sys
18:56:23.0839 1252 ctsfm2k - ok
18:56:23.0882 1252 DfsC (f7f11e66abf5c225437cb8bf219564a4) C:\Windows\system32\Drivers\dfsc.sys
18:56:23.0883 1252 DfsC - ok
18:56:23.0957 1252 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:56:23.0958 1252 disk - ok
18:56:24.0046 1252 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
18:56:24.0048 1252 Dot4 - ok
18:56:24.0080 1252 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:56:24.0081 1252 Dot4Print - ok
18:56:24.0097 1252 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:56:24.0098 1252 dot4usb - ok
18:56:24.0139 1252 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:56:24.0140 1252 drmkaud - ok
18:56:24.0234 1252 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:56:24.0235 1252 dtsoftbus01 - ok
18:56:24.0322 1252 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:56:24.0327 1252 DXGKrnl - ok
18:56:24.0354 1252 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:56:24.0355 1252 E1G60 - ok
18:56:24.0422 1252 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:56:24.0423 1252 Ecache - ok
18:56:24.0476 1252 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:56:24.0479 1252 elxstor - ok
18:56:24.0511 1252 emupia (04afe5c11777e33178ec11e1fac47b07) C:\Windows\system32\drivers\emupia2k.sys
18:56:24.0512 1252 emupia - ok
18:56:24.0570 1252 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:56:24.0571 1252 exfat - ok
18:56:24.0618 1252 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:56:24.0619 1252 fastfat - ok
18:56:24.0647 1252 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:56:24.0648 1252 fdc - ok
18:56:24.0691 1252 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:56:24.0692 1252 FileInfo - ok
18:56:24.0751 1252 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:56:24.0751 1252 Filetrace - ok
18:56:24.0812 1252 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:56:24.0813 1252 flpydisk - ok
18:56:24.0847 1252 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:56:24.0849 1252 FltMgr - ok
18:56:24.0883 1252 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:56:24.0883 1252 Fs_Rec - ok
18:56:24.0917 1252 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:56:24.0918 1252 gagp30kx - ok
18:56:24.0963 1252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:56:24.0964 1252 GEARAspiWDM - ok
18:56:25.0022 1252 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\Windows\system32\drivers\ha20x2k.sys
18:56:25.0030 1252 ha20x2k - ok
18:56:25.0058 1252 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:56:25.0059 1252 HdAudAddService - ok
18:56:25.0125 1252 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:56:25.0129 1252 HDAudBus - ok
18:56:25.0151 1252 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:56:25.0152 1252 HidBth - ok
18:56:25.0167 1252 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:56:25.0168 1252 HidIr - ok
18:56:25.0209 1252 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:56:25.0210 1252 HidUsb - ok
18:56:25.0235 1252 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:56:25.0236 1252 HpCISSs - ok
18:56:25.0317 1252 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:56:25.0335 1252 HTTP - ok
18:56:25.0396 1252 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:56:25.0398 1252 i2omp - ok
18:56:25.0450 1252 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:56:25.0451 1252 i8042prt - ok
18:56:25.0495 1252 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:56:25.0499 1252 iaStorV - ok
18:56:25.0524 1252 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:56:25.0525 1252 iirsp - ok
18:56:25.0596 1252 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:56:25.0597 1252 intelide - ok
18:56:25.0640 1252 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:56:25.0641 1252 intelppm - ok
18:56:25.0685 1252 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:56:25.0687 1252 IpFilterDriver - ok
18:56:25.0695 1252 IpInIp - ok
18:56:25.0720 1252 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:56:25.0722 1252 IPMIDRV - ok
18:56:25.0756 1252 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:56:25.0757 1252 IPNAT - ok
18:56:25.0800 1252 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:56:25.0801 1252 IRENUM - ok
18:56:25.0845 1252 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:56:25.0846 1252 isapnp - ok
18:56:25.0897 1252 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:56:25.0900 1252 iScsiPrt - ok
18:56:25.0970 1252 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:56:25.0970 1252 iteatapi - ok
18:56:26.0020 1252 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:56:26.0021 1252 iteraid - ok
18:56:26.0063 1252 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:56:26.0064 1252 kbdclass - ok
18:56:26.0099 1252 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:56:26.0100 1252 kbdhid - ok
18:56:26.0141 1252 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:56:26.0158 1252 KSecDD - ok
18:56:26.0222 1252 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
18:56:26.0223 1252 libusb0 - ok
18:56:26.0278 1252 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:56:26.0279 1252 lltdio - ok
18:56:26.0321 1252 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:56:26.0322 1252 LSI_FC - ok
18:56:26.0353 1252 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:56:26.0355 1252 LSI_SAS - ok
18:56:26.0406 1252 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:56:26.0407 1252 LSI_SCSI - ok
18:56:26.0441 1252 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:56:26.0442 1252 luafv - ok
18:56:26.0503 1252 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
18:56:26.0508 1252 LVRS - ok
18:56:26.0825 1252 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
18:56:26.0924 1252 LVUVC - ok
18:56:26.0981 1252 LycoFltr (f90bde6e9c7b6015edf1dc99a97b00c9) C:\Windows\system32\Drivers\Lycosa.sys
18:56:26.0982 1252 LycoFltr - ok
18:56:27.0045 1252 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
18:56:27.0046 1252 MBAMProtector - ok
18:56:27.0126 1252 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:56:27.0127 1252 megasas - ok
18:56:27.0167 1252 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:56:27.0168 1252 Modem - ok
18:56:27.0241 1252 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:56:27.0242 1252 monitor - ok
18:56:27.0326 1252 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:56:27.0327 1252 mouclass - ok
18:56:27.0368 1252 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:56:27.0369 1252 mouhid - ok
18:56:27.0410 1252 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:56:27.0412 1252 MountMgr - ok
18:56:27.0463 1252 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:56:27.0465 1252 MpFilter - ok
18:56:27.0504 1252 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:56:27.0504 1252 mpio - ok
18:56:27.0557 1252 MpKsl112567fd - ok
18:56:27.0576 1252 MpKsl21691c7e - ok
18:56:27.0586 1252 MpKsl28698052 - ok
18:56:27.0592 1252 MpKsl3683ef38 - ok
18:56:27.0597 1252 MpKsl57328be5 - ok
18:56:27.0627 1252 MpKsl5769a9c3 - ok
18:56:27.0634 1252 MpKsl595c46e3 - ok
18:56:27.0639 1252 MpKsl7f412780 - ok
18:56:27.0644 1252 MpKsl95dbb41b - ok
18:56:27.0695 1252 MpKsld56b956e (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\MpKsld56b956e.sys
18:56:27.0696 1252 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\MpKsld56b956e.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
18:56:27.0696 1252 MpKsld56b956e ( ForgedFile.Multi.Generic ) - warning
18:56:27.0696 1252 MpKsld56b956e - detected ForgedFile.Multi.Generic (1)
18:56:27.0711 1252 MpKslfa35f3a3 - ok
18:56:27.0738 1252 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:56:27.0739 1252 MpNWMon - ok
18:56:27.0760 1252 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:56:27.0762 1252 mpsdrv - ok
18:56:27.0801 1252 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:56:27.0802 1252 Mraid35x - ok
18:56:27.0866 1252 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:56:27.0868 1252 MRxDAV - ok
18:56:27.0932 1252 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:56:27.0934 1252 mrxsmb - ok
18:56:27.0978 1252 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:56:27.0982 1252 mrxsmb10 - ok
18:56:28.0007 1252 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:56:28.0009 1252 mrxsmb20 - ok
18:56:28.0042 1252 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:56:28.0044 1252 msahci - ok
18:56:28.0070 1252 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:56:28.0071 1252 msdsm - ok
18:56:28.0114 1252 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:56:28.0116 1252 Msfs - ok
18:56:28.0151 1252 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:56:28.0152 1252 msisadrv - ok
18:56:28.0191 1252 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:56:28.0192 1252 MSKSSRV - ok
18:56:28.0239 1252 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:56:28.0240 1252 MSPCLOCK - ok
18:56:28.0272 1252 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:56:28.0273 1252 MSPQM - ok
18:56:28.0332 1252 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:56:28.0334 1252 MsRPC - ok
18:56:28.0353 1252 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:56:28.0354 1252 mssmbios - ok
18:56:28.0378 1252 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:56:28.0379 1252 MSTEE - ok
18:56:28.0401 1252 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:56:28.0403 1252 Mup - ok
18:56:28.0483 1252 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:56:28.0485 1252 NativeWifiP - ok
18:56:28.0586 1252 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:56:28.0590 1252 NDIS - ok
18:56:28.0635 1252 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:56:28.0636 1252 NdisTapi - ok
18:56:28.0665 1252 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:56:28.0666 1252 Ndisuio - ok
18:56:28.0710 1252 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:56:28.0713 1252 NdisWan - ok
18:56:28.0747 1252 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:56:28.0748 1252 NDProxy - ok
18:56:28.0784 1252 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:56:28.0785 1252 NetBIOS - ok
18:56:28.0828 1252 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:56:28.0831 1252 netbt - ok
18:56:28.0901 1252 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:56:28.0902 1252 nfrd960 - ok
18:56:28.0953 1252 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:56:28.0954 1252 NisDrv - ok
18:56:29.0015 1252 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:56:29.0017 1252 Npfs - ok
18:56:29.0064 1252 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:56:29.0065 1252 nsiproxy - ok
18:56:29.0145 1252 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:56:29.0170 1252 Ntfs - ok
18:56:29.0230 1252 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:56:29.0230 1252 ntrigdigi - ok
18:56:29.0250 1252 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:56:29.0251 1252 Null - ok
18:56:29.0276 1252 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:56:29.0277 1252 nvraid - ok
18:56:29.0299 1252 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:56:29.0300 1252 nvstor - ok
18:56:29.0321 1252 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:56:29.0322 1252 nv_agp - ok
18:56:29.0330 1252 NwlnkFlt - ok
18:56:29.0343 1252 NwlnkFwd - ok
18:56:29.0385 1252 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:56:29.0385 1252 ohci1394 - ok
18:56:29.0407 1252 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\Windows\system32\drivers\ctoss2k.sys
18:56:29.0410 1252 ossrv - ok
18:56:29.0450 1252 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
18:56:29.0451 1252 Parport - ok
18:56:29.0495 1252 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:56:29.0496 1252 partmgr - ok
18:56:29.0531 1252 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
18:56:29.0532 1252 Parvdm - ok
18:56:29.0565 1252 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:56:29.0566 1252 pci - ok
18:56:29.0616 1252 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:56:29.0617 1252 pciide - ok
18:56:29.0655 1252 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:56:29.0656 1252 pcmcia - ok
18:56:29.0706 1252 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:56:29.0733 1252 PEAUTH - ok
18:56:29.0834 1252 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:56:29.0836 1252 PptpMiniport - ok
18:56:29.0859 1252 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:56:29.0860 1252 Processor - ok
18:56:29.0911 1252 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:56:29.0911 1252 PSched - ok
18:56:29.0964 1252 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:56:29.0970 1252 ql2300 - ok
18:56:30.0001 1252 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:56:30.0002 1252 ql40xx - ok
18:56:30.0045 1252 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:56:30.0046 1252 QWAVEdrv - ok
18:56:30.0079 1252 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:56:30.0080 1252 RasAcd - ok
18:56:30.0117 1252 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:56:30.0119 1252 Rasl2tp - ok
18:56:30.0165 1252 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:56:30.0167 1252 RasPppoe - ok
18:56:30.0206 1252 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:56:30.0208 1252 RasSstp - ok
18:56:30.0282 1252 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:56:30.0285 1252 rdbss - ok
18:56:30.0328 1252 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:56:30.0329 1252 RDPCDD - ok
18:56:30.0368 1252 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:56:30.0369 1252 rdpdr - ok
18:56:30.0380 1252 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:56:30.0381 1252 RDPENCDD - ok
18:56:30.0430 1252 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:56:30.0433 1252 RDPWD - ok
18:56:30.0512 1252 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:56:30.0513 1252 rspndr - ok
18:56:30.0572 1252 RTL8169 (034088aacdea485f9758964fb8ba571a) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:56:30.0574 1252 RTL8169 - ok
18:56:30.0594 1252 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:56:30.0595 1252 sbp2port - ok
18:56:30.0626 1252 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:56:30.0627 1252 secdrv - ok
18:56:30.0665 1252 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
18:56:30.0666 1252 Serenum - ok
18:56:30.0696 1252 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
18:56:30.0698 1252 Serial - ok
18:56:30.0742 1252 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:56:30.0744 1252 sermouse - ok
18:56:30.0784 1252 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:56:30.0784 1252 sffdisk - ok
18:56:30.0818 1252 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:56:30.0819 1252 sffp_mmc - ok
18:56:30.0837 1252 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:56:30.0838 1252 sffp_sd - ok
18:56:30.0852 1252 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:56:30.0853 1252 sfloppy - ok
18:56:30.0900 1252 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:56:30.0901 1252 sisagp - ok
18:56:30.0940 1252 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:56:30.0941 1252 SiSRaid2 - ok
18:56:30.0953 1252 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:56:30.0954 1252 SiSRaid4 - ok
18:56:30.0985 1252 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:56:30.0987 1252 Smb - ok
18:56:31.0030 1252 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:56:31.0031 1252 spldr - ok
18:56:31.0142 1252 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:56:31.0190 1252 srv - ok
18:56:31.0218 1252 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:56:31.0221 1252 srv2 - ok
18:56:31.0282 1252 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:56:31.0286 1252 srvnet - ok
18:56:31.0356 1252 StarOpen - ok
18:56:31.0445 1252 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:56:31.0446 1252 swenum - ok
18:56:31.0478 1252 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:56:31.0480 1252 Symc8xx - ok
18:56:31.0538 1252 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:56:31.0539 1252 Sym_hi - ok
18:56:31.0561 1252 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:56:31.0563 1252 Sym_u3 - ok
18:56:31.0617 1252 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:56:31.0623 1252 Tcpip - ok
18:56:31.0658 1252 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:56:31.0665 1252 Tcpip6 - ok
18:56:31.0697 1252 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:56:31.0698 1252 tcpipreg - ok
18:56:31.0729 1252 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:56:31.0729 1252 TDPIPE - ok
18:56:31.0770 1252 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:56:31.0796 1252 TDTCP - ok
18:56:31.0837 1252 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:56:31.0839 1252 tdx - ok
18:56:31.0878 1252 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:56:31.0879 1252 TermDD - ok
18:56:31.0941 1252 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:56:31.0942 1252 tssecsrv - ok
18:56:31.0960 1252 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:56:31.0963 1252 tunmp - ok
18:56:31.0989 1252 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:56:31.0990 1252 tunnel - ok
18:56:32.0053 1252 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:56:32.0054 1252 uagp35 - ok
18:56:32.0093 1252 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:56:32.0097 1252 udfs - ok
18:56:32.0138 1252 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:56:32.0139 1252 uliagpkx - ok
18:56:32.0164 1252 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:56:32.0166 1252 uliahci - ok
18:56:32.0187 1252 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:56:32.0188 1252 UlSata - ok
18:56:32.0207 1252 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:56:32.0208 1252 ulsata2 - ok
18:56:32.0247 1252 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:56:32.0248 1252 umbus - ok
18:56:32.0287 1252 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:56:32.0288 1252 USBAAPL - ok
18:56:32.0358 1252 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
18:56:32.0360 1252 usbaudio - ok
18:56:32.0414 1252 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:32.0416 1252 usbccgp - ok
18:56:32.0447 1252 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:56:32.0448 1252 usbcir - ok
18:56:32.0487 1252 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:56:32.0488 1252 usbehci - ok
18:56:32.0556 1252 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:56:32.0559 1252 usbhub - ok
18:56:32.0614 1252 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:56:32.0615 1252 usbohci - ok
18:56:32.0656 1252 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:56:32.0658 1252 usbprint - ok
18:56:32.0714 1252 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:56:32.0715 1252 usbscan - ok
18:56:32.0757 1252 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:32.0759 1252 USBSTOR - ok
18:56:32.0804 1252 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:56:32.0806 1252 usbuhci - ok
18:56:32.0848 1252 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:56:32.0851 1252 usbvideo - ok
18:56:32.0899 1252 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys
18:56:32.0899 1252 VCSVADHWSer - ok
18:56:32.0921 1252 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:56:32.0923 1252 vga - ok
18:56:32.0965 1252 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:56:32.0986 1252 VgaSave - ok
18:56:33.0020 1252 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:56:33.0021 1252 viaagp - ok
18:56:33.0074 1252 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:56:33.0075 1252 ViaC7 - ok
18:56:33.0105 1252 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:56:33.0106 1252 viaide - ok
18:56:33.0147 1252 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:56:33.0148 1252 volmgr - ok
18:56:33.0229 1252 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:56:33.0236 1252 volmgrx - ok
18:56:33.0308 1252 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:56:33.0312 1252 volsnap - ok
18:56:33.0353 1252 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:56:33.0354 1252 vsmraid - ok
18:56:33.0388 1252 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:56:33.0389 1252 WacomPen - ok
18:56:33.0422 1252 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:33.0424 1252 Wanarp - ok
18:56:33.0438 1252 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:33.0439 1252 Wanarpv6 - ok
18:56:33.0471 1252 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:56:33.0472 1252 Wd - ok
18:56:33.0523 1252 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:56:33.0539 1252 Wdf01000 - ok
18:56:33.0620 1252 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:56:33.0621 1252 WmiAcpi - ok
18:56:33.0680 1252 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:56:33.0682 1252 WpdUsb - ok
18:56:33.0723 1252 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:56:33.0724 1252 ws2ifsl - ok
18:56:33.0809 1252 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:56:33.0811 1252 WUDFRd - ok
18:56:33.0826 1252 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:56:33.0833 1252 \Device\Harddisk0\DR0 - ok
18:56:33.0837 1252 Boot (0x1200) (d699c7e585151ee9c288d23d6f690ff3) \Device\Harddisk0\DR0\Partition0
18:56:33.0838 1252 \Device\Harddisk0\DR0\Partition0 - ok
18:56:33.0857 1252 Boot (0x1200) (8e4a396c6113a3faba16e6a628920c4b) \Device\Harddisk0\DR0\Partition1
18:56:33.0858 1252 \Device\Harddisk0\DR0\Partition1 - ok
18:56:33.0859 1252 ============================================================
18:56:33.0859 1252 Scan finished
18:56:33.0859 1252 ============================================================
18:56:33.0869 3124 Detected object count: 1
18:56:33.0869 3124 Actual detected object count: 1
18:56:45.0454 3124 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\MpKsld56b956e.sys - copied to quarantine
18:56:45.0454 3124 MpKsld56b956e ( ForgedFile.Multi.Generic ) - User select action: Quarantine
18:58:04.0882 0848 Deinitialize success




aswMBR:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-17 18:58:16
-----------------------------
18:58:16.931 OS Version: Windows 6.0.6002 Service Pack 2
18:58:16.931 Number of processors: 2 586 0xF02
18:58:16.932 ComputerName: LAWRENCE-PC UserName: Lawrence
18:58:17.632 Initialize success
18:58:47.520 AVAST engine defs: 11121702
18:59:19.386 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:59:19.388 Disk 0 Vendor: WDC_WD1600JS-22NCB1 10.02E02 Size: 152627MB BusType: 3
18:59:21.398 Disk 0 MBR read successfully
18:59:21.401 Disk 0 MBR scan
18:59:21.404 Disk 0 Windows VISTA default MBR code
18:59:21.408 Disk 0 scanning sectors +312578048
18:59:21.481 Disk 0 scanning C:\Windows\system32\drivers
18:59:23.134 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOW [Rtk]
18:59:31.798 Service scanning
18:59:32.494 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:59:33.088 Modules scanning
18:59:38.331 Scan finished successfully
18:59:54.857 Disk 0 MBR has been saved successfully to "C:\Users\Lawrence\Desktop\MBR.dat"
18:59:54.883 The log file has been saved successfully to "C:\Users\Lawrence\Desktop\aswMBR.txt"





Malwarebytes:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8390

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/17/2011 7:17:29 PM
mbam-log-2011-12-17 (19-17-29).txt

Scan type: Quick scan
Objects scanned: 168159
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






OTL:


OTL.txt


OTL logfile created on: 12/17/2011 7:30:20 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lawrence\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.22% Memory free
4.23 Gb Paging File | 3.10 Gb Available in Paging File | 73.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 19.79 Gb Free Space | 20.26% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 14.60 Gb Free Space | 28.41% Space Free | Partition Type: NTFS

Computer Name: LAWRENCE-PC | User Name: Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/17 14:25:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lawrence\Downloads\OTL.exe
PRC - [2011/11/08 22:59:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/24 18:56:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/19 01:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/14 05:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/01/26 22:55:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/26 22:55:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/20 01:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/03 23:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/03 23:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/08 22:59:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:34:08 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/13 02:34:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:33:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 02:32:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 02:31:58 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:31:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 02:30:50 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 02:30:23 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/17 21:11:49 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/14 05:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2011/01/26 22:12:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010/07/06 20:26:46 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/06/03 23:55:20 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/11/09 17:47:46 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/19 01:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/26 22:55:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/04 13:15:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/12/17 15:59:18 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD62393-EAB9-424F-AFBE-A8AED26DC084}\MpKsld56b956e.sys -- (MpKsld56b956e)
DRV - [2011/08/19 01:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2011/08/19 01:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/05/27 14:22:17 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/14 06:59:03 | 000,075,264 | ---- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/01/26 23:36:16 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 22:13:12 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/05/06 01:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/22 02:04:40 | 000,262,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/04 01:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 01:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 01:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 01:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 01:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 01:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 01:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 01:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 01:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 01:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 01:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 01:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 01:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 01:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/12/26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/01/18 06:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15007
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/10 21:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/24 18:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 17:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/23 17:42:01 | 000,000,000 | ---D | M]

[2010/09/25 12:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions
[2010/09/25 12:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/12 22:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions
[2011/04/13 16:05:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/11/08 22:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/24 18:56:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/08 22:59:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 11:07:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:59:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/17 18:30:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = File not found
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE6CDB5-71B4-4D45-A708-1332C0E8B3AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Lawrence\AppData\Local\stardock\deskwall.bmp
O24 - Desktop BackupWallPaper: C:\Users\Lawrence\AppData\Local\stardock\deskwall.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/17 19:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 19:13:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/17 19:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 18:57:42 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Lawrence\Desktop\aswMBR.exe
[2011/12/17 18:56:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/17 18:54:03 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lawrence\Desktop\tdsskiller.exe
[2011/12/17 18:38:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/17 18:38:55 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Local\temp
[2011/12/17 18:31:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/17 18:17:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/17 18:13:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/17 18:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/17 18:13:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/17 18:12:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/17 18:10:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/17 18:06:27 | 004,342,882 | R--- | C] (Swearware) -- C:\Users\Lawrence\Desktop\ComboFix.exe
[2011/12/15 03:01:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:01:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:01:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:01:45 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:01:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:01:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 16:05:50 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 16:05:50 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 16:05:49 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 16:05:48 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 16:05:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 16:05:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/13 07:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2011/12/13 07:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Firestorm-Release
[2011/12/10 20:42:56 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\Documents\FullReport.do_files
[2011/12/10 03:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/12/09 01:33:26 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Local\Logitech® Webcam Software
[2011/12/09 01:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011/12/09 01:11:17 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Roaming\Leadertech
[2011/12/09 01:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011/12/09 01:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/12/09 01:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/12/09 01:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/12/09 01:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/12/06 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\Documents\loadUCPPage.do_files
[2011/11/23 17:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/23 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/23 17:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/23 17:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/23 17:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/23 17:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/06/03 23:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/03 23:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/17 19:13:18 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 19:11:18 | 000,642,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/17 19:11:18 | 000,119,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/17 19:05:52 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 19:05:52 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 19:05:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/17 19:05:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 19:04:41 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/17 19:04:41 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/17 19:04:41 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/17 18:59:54 | 000,000,512 | ---- | M] () -- C:\Users\Lawrence\Desktop\MBR.dat
[2011/12/17 18:57:42 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Lawrence\Desktop\aswMBR.exe
[2011/12/17 18:54:04 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lawrence\Desktop\tdsskiller.exe
[2011/12/17 18:30:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/17 18:06:42 | 004,342,882 | R--- | M] (Swearware) -- C:\Users\Lawrence\Desktop\ComboFix.exe
[2011/12/17 17:53:45 | 201,961,537 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/15 21:48:30 | 000,207,872 | ---- | M] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 21:25:53 | 000,011,630 | -HS- | M] () -- C:\Users\Lawrence\AppData\Local\657405y0j711t125n073v2rlu0r2
[2011/12/15 21:25:53 | 000,011,630 | -HS- | M] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2
[2011/12/15 03:22:54 | 000,262,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 07:16:54 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/12 09:26:54 | 000,000,913 | ---- | M] () -- C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/12/10 20:42:56 | 000,359,979 | ---- | M] () -- C:\Users\Lawrence\Documents\FullReport.do.htm
[2011/12/09 15:10:29 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/09 01:07:44 | 000,001,473 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/12/06 09:32:51 | 000,012,924 | ---- | M] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.pdf
[2011/12/06 09:32:09 | 000,012,812 | ---- | M] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.htm
[2011/12/02 12:10:11 | 000,072,960 | ---- | M] () -- C:\Users\Lawrence\Desktop\Untitled 1.pdf
[2011/12/02 10:15:14 | 000,028,816 | ---- | M] () -- C:\Users\Lawrence\Documents\Untitled 1.odt
[2011/11/23 17:41:55 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/23 05:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 19:13:18 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 18:59:54 | 000,000,512 | ---- | C] () -- C:\Users\Lawrence\Desktop\MBR.dat
[2011/12/17 18:13:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 18:13:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 18:13:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 18:13:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 18:13:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/15 21:20:02 | 000,011,630 | -HS- | C] () -- C:\Users\Lawrence\AppData\Local\657405y0j711t125n073v2rlu0r2
[2011/12/15 21:20:02 | 000,011,630 | -HS- | C] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2
[2011/12/13 07:16:54 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/12 17:02:05 | 201,961,537 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/12 09:26:54 | 000,000,913 | ---- | C] () -- C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/12/10 20:42:54 | 000,359,979 | ---- | C] () -- C:\Users\Lawrence\Documents\FullReport.do.htm
[2011/12/09 01:07:44 | 000,001,473 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/12/06 09:32:50 | 000,012,924 | ---- | C] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.pdf
[2011/12/06 09:32:05 | 000,012,812 | ---- | C] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.htm
[2011/12/02 12:10:08 | 000,072,960 | ---- | C] () -- C:\Users\Lawrence\Desktop\Untitled 1.pdf
[2011/11/23 17:41:55 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/23 17:38:02 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/24 18:59:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/24 18:59:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/19 01:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 01:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 01:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/25 22:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/18 13:08:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ps3sixaxis_en.exe
[2011/06/18 13:05:46 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011/06/15 15:04:52 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/18 10:26:07 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2011/04/18 10:24:27 | 000,179,734 | ---- | C] () -- C:\Windows\hpwins14.dat
[2011/04/18 10:24:27 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2011/02/27 03:12:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/26 21:49:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/26 21:49:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/25 01:42:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/31 18:04:42 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/12/21 02:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/17 16:00:46 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/11 12:20:33 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/19 08:30:40 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT_U.INI
[2010/08/19 08:30:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MSHRES_U.DLL
[2010/08/12 02:44:21 | 000,207,872 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 14:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/04 13:15:04 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/08/04 13:15:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/08/04 12:38:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/04 11:59:26 | 000,000,680 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\d3d9caps.dat
[2010/07/06 17:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/06/04 00:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 00:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 23:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/03 23:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/03 23:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/03 23:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/03 23:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/03 23:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,262,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,642,462 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,119,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 2158 bytes -> C:\Windows\System32\drivers\afzdbcea.sys:changelist

< End of report >





Extras:


OTL Extras logfile created on: 12/17/2011 7:30:20 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lawrence\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.22% Memory free
4.23 Gb Paging File | 3.10 Gb Available in Paging File | 73.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 19.79 Gb Free Space | 20.26% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 14.60 Gb Free Space | 28.41% Space Free | Partition Type: NTFS

Computer Name: LAWRENCE-PC | User Name: Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C6366BD-BCF8-4C78-BFB0-8A55FD02E546}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C0E159CC-0D57-4866-9FD9-56BB520706A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBAB7E9D-C1A8-4E7E-99A7-63EAC59A9C15}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0000ADA4-82F4-4AA8-AE49-921448989FFF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0A6DD4F8-A653-42BA-907C-7E79B426EF15}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1C8A1EF5-C3FA-4D23-8DB8-C94151929EF9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\counterstrike source beta\hl2.exe |
"{21CFA925-8753-4F7C-90B9-0E5802871739}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\counterstrike source beta\hl2.exe |
"{22CC0896-E5E5-4446-B18E-7460DD2C32E0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2FCE2A2A-BDD0-4884-A20D-AC407A03B40B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3967AF4F-9275-4333-80AE-A2020F2113A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{408034A6-0CDB-450F-836C-BB93D8A818B6}" = protocol=6 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |
"{4C271AF1-A18C-4680-8E0C-AA493C7A122E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{51210A08-D2B6-4461-ABD2-2BA859F1F24E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress classic\hl.exe |
"{55391DB2-4650-407A-A6D6-805F1C59C138}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{5E28F352-B56C-4E02-BB84-7E4C434BA3A1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\day of defeat source\hl2.exe |
"{6E8AA84B-4884-41CF-9D2B-4E5B935B8DDE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{7EE56860-8595-4E2C-826E-CD18D2AD3136}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9E4CE849-03B0-4B72-B052-744B214610B1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A0B185BF-33C0-4539-AEE5-D13873351A95}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\day of defeat source\hl2.exe |
"{A2B9BDC3-8E15-487B-8797-EB5D4037477E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{AF491A84-203E-44A7-AD1D-BB14AC24E8A9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\half-life\hl.exe |
"{B660E0F8-05AB-4C69-BE55-ACED870D97EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD0E6ACE-D8AB-40E3-A04E-31303CB43D0C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{D26033F9-B851-4187-A467-AEC9D133D7ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\half-life\hl.exe |
"{E5EC88E2-F387-4A68-84F0-F48E603F8A31}" = protocol=17 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |
"{F51696B5-3986-4295-AEE7-1F411510E704}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{F59F6BF5-CF70-4680-8BA7-961730F2D91F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress classic\hl.exe |
"{FBD35036-377D-49DB-AD0C-DBC35B546631}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FC1571BB-F3BE-45AE-9C5D-E2CB102D7B71}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{02DB324F-C308-4331-974F-F6BE692E80D4}C:\program files\secondlifeviewer2\slplugin.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slplugin.exe |
"TCP Query User{04F28D6D-D631-45EC-AD64-5569440557ED}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{05CE8715-0F97-4CE6-8035-FF156D8FC5E7}C:\program files\firestorm-beta-mesh\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\firestorm-beta-mesh\slvoice.exe |
"TCP Query User{090CA08A-0B53-4884-9A2C-010897A9B4A3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{12D7075C-EB51-43DF-8B2E-108AFCDA42B2}C:\program files\firestorm-release\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\firestorm-release\slvoice.exe |
"TCP Query User{19BDD935-B2BE-4191-AA88-FB0D02A84A7D}C:\program files\firestorm-preview\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\firestorm-preview\slvoice.exe |
"TCP Query User{23C00775-7382-4759-A8D0-FA8AB094A1D6}E:\win32\launcher\dist\launch.exe" = protocol=6 | dir=in | app=e:\win32\launcher\dist\launch.exe |
"TCP Query User{2E085DEF-979C-46EF-8882-A180A25223C2}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{3322B553-C620-4533-9813-7C112FDAA9D6}C:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe |
"TCP Query User{3920A0E0-6A0E-4B8E-92BD-83FAABAC23F9}C:\users\lawrence\desktop\darklife 2\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\users\lawrence\desktop\darklife 2\secondlife\slvoice.exe |
"TCP Query User{3B318306-F89D-42CC-8E62-F93E7660450E}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{4C96BB9E-C13D-4299-BB98-62C37ACBF36A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5C20FDEB-2C5C-4463-921F-FDC349894870}C:\program files\steam\steamapps\respawnsodomy\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\half-life 2 deathmatch\hl2.exe |
"TCP Query User{76CBCB85-B252-488A-886C-D56C1011B55A}C:\users\lawrence\saved games\dark life\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\users\lawrence\saved games\dark life\secondlife\slvoice.exe |
"TCP Query User{801A9ACD-32E9-4B6F-B4C6-B3F8CCE09363}C:\program files\phoenix viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"TCP Query User{8C4A110C-B7F8-4043-AAE0-0DE909DD6F84}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8EDCD710-90DE-434D-B412-C0C402F46E39}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{90C799BB-208D-4325-AFDF-8A6B9738A9FA}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{958EAF10-BE67-490E-A877-A27210346C23}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{9824A96A-5B78-4848-B241-892575400D96}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A4A35F82-DF32-4B5D-803F-8BC04AD33400}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B481D310-D5D0-4714-B4B0-73616EB019DE}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B846EC43-7419-4C72-8C32-1F4901DD94CA}C:\program files\emerald viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\emerald viewer\slvoice.exe |
"TCP Query User{B9D682FB-4FE2-44AD-84AC-F1B6885406F7}C:\program files\singularityviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\singularityviewer\slvoice.exe |
"TCP Query User{BACDC3A8-3E61-469B-AC31-5D2C25E1CC8D}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{C4772A0F-740A-4B38-A7C0-5818E74CE853}C:\program files\phoenix viewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"TCP Query User{C944CF21-55DC-4338-82BE-59F44CF6F2C7}C:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe |
"TCP Query User{D9865131-7C40-443D-842E-6D95F528F08E}C:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe |
"TCP Query User{DACE4FFF-0962-423A-9910-7F35C2491597}C:\program files\incognito\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\incognito\slvoice.exe |
"TCP Query User{E26FC98F-96A4-4504-932E-BB6ADC1B5922}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{E98FE8DF-09D5-49EC-AE18-4F1A1BD593B5}C:\program files\3dchat\client.exe" = protocol=6 | dir=in | app=c:\program files\3dchat\client.exe |
"TCP Query User{FDE83EE2-B8C9-4AA3-9BAF-6C1B49E08B34}C:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe |
"UDP Query User{1A6A67AE-2CD7-4590-94BD-B02C648CD4F8}C:\program files\singularityviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\singularityviewer\slvoice.exe |
"UDP Query User{212B932A-1BBD-4322-8601-44D168B93599}C:\program files\phoenix viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"UDP Query User{246B1DB1-0EBA-433C-A91C-576204726993}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{3D7CF850-BADC-48D5-AC83-66F78E73BB4F}C:\program files\phoenix viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\phoenix viewer\slvoice.exe |
"UDP Query User{4FE8B33D-DCCC-4C95-A930-3831C9471376}C:\users\lawrence\saved games\dark life\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\users\lawrence\saved games\dark life\secondlife\slvoice.exe |
"UDP Query User{512D93D2-C6F1-4AA8-9861-300F84EB1188}C:\program files\3dchat\client.exe" = protocol=17 | dir=in | app=c:\program files\3dchat\client.exe |
"UDP Query User{521F585A-1EE7-4384-8630-B8C890235C51}C:\program files\incognito\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\incognito\slvoice.exe |
"UDP Query User{5341D996-DCE8-4E5E-81B6-3E49F27A490A}C:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe |
"UDP Query User{632D6624-5C73-4A8D-B70F-3A02D687973B}C:\program files\emerald viewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\emerald viewer\slvoice.exe |
"UDP Query User{646FD486-6A8D-4AAC-86FC-0D5CDA8EC8C4}C:\program files\firestorm-release\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\firestorm-release\slvoice.exe |
"UDP Query User{684F71AC-34D4-4C70-B140-85F1C887894B}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{717329D5-E5C3-4EF8-B8A0-074CF540983C}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{7422736D-E2D8-451E-90A4-37469314AEE2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{750DB535-5B02-45DE-A07B-ED7D6A6E6FA0}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{7982D860-0A0F-466B-936F-AC2E78F160F1}C:\program files\firestorm-beta-mesh\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\firestorm-beta-mesh\slvoice.exe |
"UDP Query User{7C7D79C8-A510-4FAE-982D-5F208CABD4AF}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{7E4DCC07-E6EE-40E6-B400-EBAF53E5AACA}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{82D05BFA-0FFD-43C1-BC8C-AF241182332B}E:\win32\launcher\dist\launch.exe" = protocol=17 | dir=in | app=e:\win32\launcher\dist\launch.exe |
"UDP Query User{834EFCEE-B656-4AF4-9135-C9007E0990ED}C:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\source sdk base\hl2.exe |
"UDP Query User{85045E0B-AC65-4F31-A7F1-7230587A107B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{870FC149-BC9A-4AE5-B803-D8E06730F6A9}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{A55E5BFC-DA1D-4E87-97BE-A9A679519DB9}C:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe |
"UDP Query User{A9F94606-745A-4B1E-B224-59E32413FED5}C:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\team fortress 2\hl2.exe |
"UDP Query User{AD85442D-7E38-40B3-8D92-428E6F9B7E4E}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{BB2C3925-FE8B-4AF1-99CE-DBC6083BDF38}C:\users\lawrence\desktop\darklife 2\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\users\lawrence\desktop\darklife 2\secondlife\slvoice.exe |
"UDP Query User{C6004BB5-F788-455C-AEC6-489CCDBAE200}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{CA193461-FCE6-4DB9-B067-E7F0F1EB6E4F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D1B605BB-683B-4F09-9DCE-849009DAEA66}C:\program files\steam\steamapps\respawnsodomy\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\respawnsodomy\half-life 2 deathmatch\hl2.exe |
"UDP Query User{D57830F1-AD42-40B8-B3A3-D5D97468E62B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DC00B877-D8D3-46D7-A2FC-01900602A574}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{DEB00285-B9EF-4C03-830F-F1D4EDB9FBE5}C:\program files\firestorm-preview\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\firestorm-preview\slvoice.exe |
"UDP Query User{FAD87EB3-3846-4C56-AB6F-4DCF57AACF38}C:\program files\secondlifeviewer2\slplugin.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77EC0035-AFBA-4A8C-814A-6A887224C1A1}" = DeskScapes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E52BFE61-E0FF-11D6-9D69-00065BABCB42}" = Reason
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ED8A2334-84CB-4AE0-80C5-7E26F9610AA0}_is1" = Incognito version Summer 2011
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"BitTorrent" = BitTorrent
"Blender" = Blender
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DAEMON Tools Lite" = DAEMON Tools Lite
"DeskScapes" = DeskScapes
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup" = DivX Setup
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Firestorm-Release" = Firestorm-Release (remove only)
"GoldWave v5.24" = GoldWave v5.24
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HTC_WModemDriver" = WModem Driver Installer
"IconPackager" = IconPackager
"InstallShield_{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.9 (Basic)
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MKV Player_is1" = MKV Player 2.0
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NOOK Study" = NOOK Study
"OpenAL" = OpenAL
"RealPlayer 12.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 215" = Source SDK Base 2006
"Steam App 260" = Counter-Strike: Source Beta
"VirtuaWin_is1" = VirtuaWin v4.2
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 5 (32-bit)
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2011 10:30:49 PM | Computer Name = Lawrence-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/17/2011 10:30:49 PM | Computer Name = Lawrence-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/17/2011 10:30:49 PM | Computer Name = Lawrence-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/17/2011 10:30:49 PM | Computer Name = Lawrence-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/17/2011 10:30:49 PM | Computer Name = Lawrence-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/17/2011 10:30:49 PM | Computer Name = Lawrence-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/17/2011 10:30:49 PM | Computer Name = Lawrence-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/17/2011 10:30:49 PM | Computer Name = Lawrence-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/17/2011 11:21:08 PM | Computer Name = Lawrence-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: f78 Start Time: 01ccbd33fe265800 Termination Time: 3

Error - 12/17/2011 11:22:18 PM | Computer Name = Lawrence-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: e78 Start Time: 01ccbd342e0e8e39 Termination Time: 4

[ System Events ]
Error - 12/17/2011 10:30:47 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12/17/2011 10:30:47 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/17/2011 10:30:47 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/17/2011 10:30:47 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/17/2011 10:30:51 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/17/2011 11:06:59 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12/17/2011 11:06:59 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/17/2011 11:06:59 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/17/2011 11:06:59 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/17/2011 11:07:33 PM | Computer Name = Lawrence-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

Attached Thumbnails

  • Computer Management Screenshot.jpg

  • 0

#4
RKinner
Posted 18 December 2011 - 01:14 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall
Java™ 6 Update 26 Get latest from java.com
Ask Toolbar - Foistware
Adobe Flash Player 10 ActiveX - obsolete get latest at adobe.com
Adobe Flash Player 10 Plugin - obsolete get latest at adobe.com
McAfee Security Scan Plus - Foistware

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
[2011/12/15 21:25:53 | 000,011,630 | -HS- | M] () -- C:\Users\Lawrence\AppData\Local\657405y0j711t125n073v2rlu0r2
[2011/12/15 21:25:53 | 000,011,630 | -HS- | M] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config Wsearch start= disabled /c
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Copy the text in the code box by highlighting and Ctrl + c 


/md5start
mswsock.dll
winrnr.dll
mdnsNSP.dll
afd.sys
tcpip.sys
dfsc.sys
/md5stop
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will not reboot the PC when it is done. Save the log and copy and paste it to a reply.

Ron
  • 0

#5
thepsilocybevibe
Posted 18 December 2011 - 11:41 AM

thepsilocybevibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello!

I ran through each step:


*Uninstalled/Updated software as listed.

*Copied code text and ran it through OTL. You didn't request the log it gave me after the reboot but here it is just in case you need it.


========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Lawrence\AppData\Local\657405y0j711t125n073v2rlu0r2 moved successfully.
C:\ProgramData\657405y0j711t125n073v2rlu0r2 moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Lawrence\Downloads\cmd.bat deleted successfully.
C:\Users\Lawrence\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Lawrence\Downloads\cmd.bat deleted successfully.
C:\Users\Lawrence\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Lawrence\Downloads\cmd.bat deleted successfully.
C:\Users\Lawrence\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Lawrence\Downloads\cmd.bat deleted successfully.
C:\Users\Lawrence\Downloads\cmd.txt deleted successfully.
< sc config Wsearch start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Lawrence\Downloads\cmd.bat deleted successfully.
C:\Users\Lawrence\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lawrence
->Flash cache emptied: 96194 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lawrence
->Java cache emptied: 1216226 bytes

User: Public

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12182011_082318

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





*Cleared "System" and "Application" logs and rebooted.

*sfc /scannow and sigverif in command prompt. I got many files after sigverif but they're all old dates. The most recent date was 5/27/2011...Long before I noticed symptoms. The file is "dtsoftbus01.sys"

*VEW.exe logs:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/12/2011 8:49:10 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/12/2011 8:58:43 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




*Ran OTL



OTL logfile created on: 12/18/2011 8:59:55 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lawrence\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.10% Memory free
4.23 Gb Paging File | 2.95 Gb Available in Paging File | 69.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 19.60 Gb Free Space | 20.07% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 14.60 Gb Free Space | 28.41% Space Free | Partition Type: NTFS

Computer Name: LAWRENCE-PC | User Name: Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/17 14:25:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lawrence\Downloads\OTL.exe
PRC - [2011/11/08 22:59:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/24 18:56:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/19 01:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/14 05:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/01/26 22:55:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/26 22:55:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/20 01:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/06/03 23:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/03 23:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/18 08:20:28 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/08 22:59:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:34:08 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/13 02:34:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:33:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 02:32:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 02:31:58 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:31:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 02:30:50 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 02:30:23 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/14 05:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2011/01/31 17:38:38 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/01/26 22:12:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010/07/06 20:26:46 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/06/03 23:55:20 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/11/09 17:47:46 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/19 01:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/26 22:55:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/04 13:15:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/19 01:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2011/08/19 01:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/05/27 14:22:17 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/14 06:59:03 | 000,075,264 | ---- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/01/26 23:36:16 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 22:13:12 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/05/06 01:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/22 02:04:40 | 000,262,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/04 01:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 01:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 01:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 01:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 01:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 01:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 01:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 01:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 01:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 01:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 01:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 01:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 01:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 01:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/12/26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/01/18 06:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15007
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/10 21:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/24 18:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 17:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 08:25:45 | 000,000,000 | ---D | M]

[2010/09/25 12:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions
[2010/09/25 12:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/10/12 22:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions
[2011/04/13 16:05:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Lawrence\AppData\Roaming\mozilla\Firefox\Profiles\oehiqy60.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/12/18 08:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/18 08:13:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/09/24 18:56:48 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/08 22:59:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/18 08:12:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 11:07:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:59:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/17 18:30:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = File not found
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE6CDB5-71B4-4D45-A708-1332C0E8B3AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Lawrence\AppData\Local\stardock\deskwall.bmp
O24 - Desktop BackupWallPaper: C:\Users\Lawrence\AppData\Local\stardock\deskwall.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 08:47:05 | 000,061,440 | ---- | C] ( ) -- C:\Users\Lawrence\Desktop\VEW.exe
[2011/12/18 08:23:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/18 08:20:28 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/18 08:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/18 08:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/18 08:12:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/18 08:12:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/18 08:12:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/17 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Local\Firestorm
[2011/12/17 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Roaming\Skype
[2011/12/17 20:49:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/12/17 20:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/17 20:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/12/17 19:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 19:13:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/17 19:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 18:57:42 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Lawrence\Desktop\aswMBR.exe
[2011/12/17 18:56:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/17 18:54:03 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lawrence\Desktop\tdsskiller.exe
[2011/12/17 18:38:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/17 18:38:55 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Local\temp
[2011/12/17 18:31:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/17 18:17:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/17 18:13:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/17 18:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/17 18:13:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/17 18:12:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/17 18:10:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/17 18:06:27 | 004,342,882 | R--- | C] (Swearware) -- C:\Users\Lawrence\Desktop\ComboFix.exe
[2011/12/15 03:01:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:01:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:01:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:01:45 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:01:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:01:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 16:05:50 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 16:05:50 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 16:05:49 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 16:05:48 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 16:05:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 16:05:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/13 07:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2011/12/13 07:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Firestorm-Release
[2011/12/10 20:42:56 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\Documents\FullReport.do_files
[2011/12/10 03:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/12/09 01:33:26 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Local\Logitech® Webcam Software
[2011/12/09 01:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011/12/09 01:11:17 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\AppData\Roaming\Leadertech
[2011/12/09 01:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011/12/09 01:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/12/09 01:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/12/09 01:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/12/09 01:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/12/06 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Lawrence\Documents\loadUCPPage.do_files
[2011/11/23 17:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/23 17:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/23 17:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/23 17:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/23 17:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/23 17:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/06/03 23:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/03 23:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/18 08:47:06 | 000,061,440 | ---- | M] ( ) -- C:\Users\Lawrence\Desktop\VEW.exe
[2011/12/18 08:31:35 | 000,642,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/18 08:31:35 | 000,119,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/18 08:26:01 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 08:26:01 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 08:25:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 08:25:47 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/18 08:25:13 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/18 08:25:13 | 000,054,760 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/18 08:25:13 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000005-00311102}.rfx
[2011/12/18 08:20:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/18 08:18:46 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/18 08:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/12/18 08:12:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/18 08:12:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/18 08:12:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/17 20:49:36 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/17 19:13:18 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 18:57:42 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Lawrence\Desktop\aswMBR.exe
[2011/12/17 18:54:04 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lawrence\Desktop\tdsskiller.exe
[2011/12/17 18:30:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/17 18:06:42 | 004,342,882 | R--- | M] (Swearware) -- C:\Users\Lawrence\Desktop\ComboFix.exe
[2011/12/17 17:53:45 | 201,961,537 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/15 21:48:30 | 000,207,872 | ---- | M] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 03:22:54 | 000,262,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 07:16:54 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/12 09:26:54 | 000,000,913 | ---- | M] () -- C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/12/10 20:42:56 | 000,359,979 | ---- | M] () -- C:\Users\Lawrence\Documents\FullReport.do.htm
[2011/12/09 15:10:29 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/09 01:07:44 | 000,001,473 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/12/06 09:32:51 | 000,012,924 | ---- | M] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.pdf
[2011/12/06 09:32:09 | 000,012,812 | ---- | M] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.htm
[2011/12/02 12:10:11 | 000,072,960 | ---- | M] () -- C:\Users\Lawrence\Desktop\Untitled 1.pdf
[2011/12/02 10:15:14 | 000,028,816 | ---- | M] () -- C:\Users\Lawrence\Documents\Untitled 1.odt
[2011/11/23 17:41:55 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/23 05:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/18 08:18:46 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/18 08:18:46 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/17 20:49:36 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/17 19:13:18 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 18:13:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 18:13:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 18:13:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 18:13:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 18:13:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 07:16:54 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2011/12/12 17:02:05 | 201,961,537 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/12 09:26:54 | 000,000,913 | ---- | C] () -- C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/12/10 20:42:54 | 000,359,979 | ---- | C] () -- C:\Users\Lawrence\Documents\FullReport.do.htm
[2011/12/09 01:07:44 | 000,001,473 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/12/06 09:32:50 | 000,012,924 | ---- | C] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.pdf
[2011/12/06 09:32:05 | 000,012,812 | ---- | C] () -- C:\Users\Lawrence\Documents\loadUCPPage.do.htm
[2011/12/02 12:10:08 | 000,072,960 | ---- | C] () -- C:\Users\Lawrence\Desktop\Untitled 1.pdf
[2011/11/23 17:41:55 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/23 17:38:02 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/24 18:59:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/24 18:59:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/19 01:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 01:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 01:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/25 22:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/18 13:08:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ps3sixaxis_en.exe
[2011/06/18 13:05:46 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011/06/15 15:04:52 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/18 10:26:07 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2011/04/18 10:24:27 | 000,179,734 | ---- | C] () -- C:\Windows\hpwins14.dat
[2011/04/18 10:24:27 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2011/02/27 03:12:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/26 21:49:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/26 21:49:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/25 01:42:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/31 18:04:42 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/12/21 02:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/17 16:00:46 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/11 12:20:33 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/19 08:30:40 | 000,020,436 | ---- | C] () -- C:\Windows\MSUMLT_U.INI
[2010/08/19 08:30:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MSHRES_U.DLL
[2010/08/12 02:44:21 | 000,207,872 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 14:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/04 13:15:04 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/08/04 13:15:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/08/04 12:38:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/04 11:59:26 | 000,000,680 | ---- | C] () -- C:\Users\Lawrence\AppData\Local\d3d9caps.dat
[2010/07/06 17:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/06/04 00:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 00:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 23:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/03 23:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/03 23:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/03 23:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/03 23:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/03 23:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 08:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,262,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,642,462 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,119,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========



< MD5 for: AFD.SYS >
[2011/04/21 05:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 05:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 05:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2006/11/02 00:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2011/04/21 05:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/18 21:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/10 20:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 05:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: DFSC.SYS >
[2009/04/10 20:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=218D8AE46C88E82014F5D73D0236D9B2 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys
[2011/04/14 06:36:03 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=3A3436F7DFE0E0C58CD5C3B6C9F21634 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys
[2008/01/18 21:28:20 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=9E635AE5E8AD93E2B5989E2E23679F97 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys
[2011/04/14 06:24:14 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=A3E9FA213F443AC77C7746119D13FEEC -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys
[2006/11/02 00:31:04 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=A7179DE59AE269AB70345527894CCD7C -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys
[2011/04/13 05:22:40 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=E20FB30D720810646ED24FB7CA9899A2 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys
[2011/04/14 06:59:03 | 000,075,264 | ---- | M] () MD5=F7F11E66ABF5C225437CB8BF219564A4 -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/14 06:59:03 | 000,075,264 | ---- | M] () MD5=F7F11E66ABF5C225437CB8BF219564A4 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys

< MD5 for: MDNSNSP.DLL >
[2011/08/30 23:05:02 | 000,121,704 | ---- | M] (Apple Inc.) MD5=40947436A70E0034E41123DF5A0A7702 -- C:\Program Files\Bonjour\mdnsNSP.dll

< MD5 for: MSWSOCK.DLL >
[2006/11/02 01:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2009/04/10 22:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/04/10 22:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/10 22:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/18 23:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: TCPIP.SYS >
[2008/04/26 00:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/10 22:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 13:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2010/08/06 03:28:56 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2010/08/06 03:28:53 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011/06/17 12:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2010/08/07 02:28:19 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/08/07 02:28:18 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2010/08/06 03:28:56 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010/08/07 02:28:19 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/08/07 02:28:19 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010/08/06 02:50:58 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2010/08/06 02:50:59 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010/06/16 07:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2010/08/06 03:28:55 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011/06/17 12:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010/06/16 08:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 07:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 13:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\ERDNT\cache\tcpip.sys
[2011/09/20 13:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\System32\drivers\tcpip.sys
[2011/09/20 13:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008/04/26 00:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2010/08/06 03:28:53 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/08/07 02:28:18 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 08:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2006/11/02 00:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010/08/07 02:28:19 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2008/01/18 23:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2010/08/06 03:28:54 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: WINRNR.DLL >
[2009/04/10 22:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/10 22:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 01:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 2158 bytes -> C:\Windows\System32\drivers\afzdbcea.sys:changelist

< End of report >




If I missed anything, please let me know. I really appreciate your time!
  • 0

#6
RKinner
Posted 18 December 2011 - 12:18 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looking much better now.

Run aswMBR again and post the log. Does it still say: File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOW [Rtk]
  • 0

#7
thepsilocybevibe
Posted 19 December 2011 - 10:45 AM

thepsilocybevibe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Good morning



Yeah, I ran aswMBR again and that file does come up infected.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 08:39:20
-----------------------------
08:39:20.055 OS Version: Windows 6.0.6002 Service Pack 2
08:39:20.055 Number of processors: 2 586 0xF02
08:39:20.078 ComputerName: LAWRENCE-PC UserName: Lawrence
08:40:42.406 Initialize success
08:41:21.897 AVAST engine defs: 11121702
08:41:34.320 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
08:41:34.322 Disk 0 Vendor: WDC_WD1600JS-22NCB1 10.02E02 Size: 152627MB BusType: 3
08:41:36.363 Disk 0 MBR read successfully
08:41:36.366 Disk 0 MBR scan
08:41:36.370 Disk 0 Windows VISTA default MBR code
08:41:36.374 Disk 0 scanning sectors +312578048
08:41:36.465 Disk 0 scanning C:\Windows\system32\drivers
08:41:39.385 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOW [Rtk]
08:41:53.163 Service scanning
08:41:54.289 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:41:54.959 Modules scanning
08:42:13.036 Disk 0 trace - called modules:
08:42:13.083 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
08:42:13.426 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c35ac8]
08:42:13.429 3 CLASSPNP.SYS[880488b3] -> nt!IofCallDriver -> [0x84623898]
08:42:13.434 5 acpi.sys[87a516bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x845f0b98]
08:42:13.439 Scan finished successfully
08:42:34.350 Disk 0 MBR has been saved successfully to "C:\Users\Lawrence\Desktop\MBR.dat"
08:42:34.365 The log file has been saved successfully to "C:\Users\Lawrence\Desktop\aswMBR.txt"
  • 0

#8
RKinner
Posted 19 December 2011 - 11:55 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys | C:\Windows\System32\drivers\dfsc.sys


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own. I expect Combofix to reboot as part of the replacement process. If it doesn't then reboot your system.

Post the new log.

Run aswMBR again. Does it still complain about the file?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP